European Fintech Alliance raises bank API fears

European Fintech Alliance raises bank API fears

The European Fintech Alliance has fired another broadside in its tussle with the financial services establishment over PSD2, raising fears that banks will develop substandard APIs as a way to fend off competition.

Specifically, the alliance of 74 fintechs, challenger banks and fintech associations is unhappy that the Regulatory Technical Standards on strong customer authentication and common and secure communication under PSD2 allow banks the possibility to be exempted by their National Competent Authority from having to accommodate licensed Third Party Payment Services Providers (TPPs) to access accounts via the so called fallback option in case of malfunction of the API.

"This is indeed a novel approach - we are not aware of any other case when new competitors in an industry have been obliged to rely on a specific API controlled by the incumbents," says a statement.

The latest missive is part of a long-running struggle between the fintechs and banks over the shape of PSD2 after authorities decided last year to outlaw screen scraping in favour of bank-led access to client data under APIs.

The alliance makes clear its fear: that banks will deliberately minimise the functionalities and information available in their APIs as a way to stymie the TPPs.

With this in mind, it says that the EC, EBA and ECB have a "heavy responsibility" to "ensure that any API offered by banks has the adequate functionalities and performance, and works in practice" if they want the objectives of PSD2 to be realised.

The alliance has set out what it calls the key API requirements in four areas: authentication, information, performance, and consent management. You can read the detail here.

Comments: (6)

Giles Sergant
Giles Sergant - Consultant - Newcastle Upon Tyne 26 February, 2018, 17:38Be the first to give this comment the thumbs up 0 likes

They (TPPs) don't have much to worry about, the likelihood of an exemption granting is some way off. 

The EBA wrote to the EC a month back complaining about a number of aspects included by their 11th hour changes before submitting to the European Parliament & Council.

Included within their concerns around Article 33 for exemption granting was the small matter that one of the conditions laid down upon the Competant Authority was that the dedicated interface "has been designed and tested in accordance with Article 30 (5) to the satisfaction of the payment service provider (TPP) referred to therein". To the "satifaction"?

The EBA went on to say "this is of particular concern, inter alia because this provision appears to make the eligibility for the exemption to a legal requirement of one category of providers (ASPs) contingent on the 'satisfaction' of another competing category (TPPs) and does so without specifying how CA's (Competant Authorities) and the EBA are meant to establish said satisfsction".

Their letter also added that the provisions lay down that each CA should consult with the EBA for every exemption attempt and that neither the CA's in each geography nor the EBA had the preequisite specialist IT resources and competancies to test each PSP and its IT system individually (potentially up to 6,000 ASPs).

The EC responded last week but their response was silent on this particular matter.

Will this simply be waived on thru by the EP&C?

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 26 February, 2018, 18:002 likes 2 likes

"This is indeed a novel approach - we are not aware of any other case when new competitors in an industry have been obliged to rely on a specific API controlled by the incumbents," says a statement. 

Seriously? Can the European Fintech Alliance name a single industry - apart from finserv, that is - in which the incumbents are mandated by regulators to share their customer info with their competitors? Yes, Amazon with Overstock.com, anyone? Facebook with Twitter? There was so much hue and cry when WhatsApp wanted to share its user info with its own owner Facebook.

IMO, the European Fintech Alliance shouldn't look the gift horse in the mouth. 

Ralf Ohlhausen
Ralf Ohlhausen - PPRO Financial Ltd - London 27 February, 2018, 07:16Be the first to give this comment the thumbs up 0 likes Currently, and for the last 15 years, TPPs have had flourishing businesses in most EU countries, because they offer services, which their customers‘ banks don’t. Now we are forcing them to get licensed and use new APIs provided by their (competing) banks. Gift horse? The least we must do is to ensure that these APIs provide better not worse data to them so that customer offers can be improved not worsened! This „Future of European Fintech“ alliance is trying to achieve just that and that their „horses“ are not beaten to death.
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 27 February, 2018, 09:39Be the first to give this comment the thumbs up 0 likes

What're those services? If TPPs could flourish without PSD2 / Open Banking, why're they clamoring for regulation? Why don't they continue with the past situation?

Bob Lyddon
Bob Lyddon - Lyddon Consulting Services - Thames Ditton 27 February, 2018, 10:011 like 1 like

I think that the answer to that, Ketharaman, is that it is in the nature of the EU "free market" that the authorities do not believe any market activity can be permitted to emerge into a scale business without the authorities taking a view and bringing it within the scope of regulation. The regulatory framework and process being what they are, there is then a 10 year delay and the resulting camel - which is what the RTS have become - is the original gift horse repeatedly re-designed by the various European committees.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 27 February, 2018, 10:19Be the first to give this comment the thumbs up 0 likes

@BobLyddon: LOL:) I've noticed that. At the height of cash crunch caused by de/remonetization in India in Nov-Dec 2016, the retail payments industry regulator cum bank consortium NPCI launched BHIM, a mobile payment app that supports A2A fund transfer without entering cumbersome account, sort code details. Functionally the equivalent of EU's PayM / Zapp, which took several months / years to launch, BHIM happened in 45 days. 

Featured Job
All Jobs »