And so, it’s finally here.
If a monolith must move, can it dance?
The monolith is the U.K.’s banking system. The “finally here” is the debut of Open Banking as part of PSD2, which of course extends across the 28-member EU.
The dance? The nimbleness with which data is used – and that’s the promise and the peril.
Here is a landscape where banking is dominated by a few marquee names – think Barclays, Royal Bank of Scotland and HSBC, among them. And as the newly arrived directive – officially, the second Payments Services Directive (aka PSD2) – takes shape, the goal is to free up data and access (with consumer approval, of course) across standardized formats and processes.
With that access, the thinking goes, new market entrants can offer new services to end users, with eyes dually focused on innovation and costs.
The mechanics are as follows: PSD2’s introduction brings to bear the account information service provider, which works with APIs to extract data from banks (several banks, as may be the case) and then consolidates that data in a central locale, in turn making it accessible to other providers.
The changes are big ones – and yet, might many be caught flat-footed? Some data suggests yes, at least on the consumer side. One survey (from consumer marketing firm Which?) found that as many as 92 percent of respondents had not heard of Open Banking. This means they may not be quite ready to share their data, which extends across basic financial records and branches that are used by customers, among other details that are more complex – think mortgage payment records and credit and utility payments.
In the U.K., enforcement is done through the Competition and Markets Authority and by the Information Commissioner’s Office. Oversight of the data itself is the purview of banks, who must monitor transactions. The account holder has control over this, and must give approval for any data sharing – if they say no, the data does not get shared.
Mechanics aside, if the goal is to foster openness and competition in the financial arena, larger questions arise. Which services will be most readily embraced? The path may not be linear and, as noted above, there is a distinct lacking in the education of the users themselves. But as to what to expect …
In an interview with PYMNTS, Jordi Gascon, with EMEA Security at CA Technologies, noted the challenges for banks across the EU, right out of the gate: “PSD2 compliance is a must, and they need to cope with the intrinsic risks of opening their infrastructure to third parties.” For other firms, such as FinTechs or telecommunications companies, “they must coordinate and provide access to multiple different interfaces or protocols.”
Security may be top of mind as the firms seek to comply with the directive (security guidelines have been published by the EBA).
And, said Gascon, “In terms of security, one of the weakest links in the chain is the end user. Ultimately, they decide if a process needs to be executed, a file downloaded or if they introduce a password or account number in a text field. Every bank must take responsibility to raise awareness amongst their account holders of the changes and risks that come” with PSD2, noting that “while consumer is king, banks and TPPs have a responsibility to protect them – even from themselves.” Even as open APIs boost services available to customers, Gascon told PYMNTS that “those APIs still need to be secured, monitored, controlled and managed.”
How might PSD2 have an impact beyond the European community? Gascon pointed out that PSD2 applies to payment services provided throughout the European Union, but also includes transactions with countries when only one of the payment services firms is located in the EU, as part of what is known as “one leg transactions.” As noted in other PYMNTS articles, cross-border transactions, such as those between firms based in the U.S. and consumers in the EU, may benefit from lower costs and greater transparency as payments can be initiated directly from consumers’ accounts.
Separately, and again looking at the U.K. as Open Banking takes shape, Richard Ransom, head of business development at Bottomline Technologies, said in a statement before the launch that “Open Banking will make it easier for businesses to use faster payments in the U.K., on a multi-bank basis. Additionally, the new payment architecture currently being designed for the UK will make faster payments even more valuable.”
He noted in his statement that “new initiatives, such as ‘Request to Pay’ and ‘Enhanced Data,’ will see the potential introduction of sophisticated electronic invoicing into the payment system, ultimately making it easier for companies to pay and get paid.”
Regulation News Closer to Home: The CFPB
Separately, it wasn’t all PSD2 in the regulatory arena.
Domestically, in the continuing battle over who runs what at the Consumer Financial Protection Bureau (CFPB), a federal judge dismissed a request for a preliminary injunction against acting director Mick Mulvaney. The judge ruled that Leandra English, who has sued to stop Mulvaney from serving as acting director, didn’t meet standards for the injunction’s approval.
As noted earlier in the week, the Justice Department has effectively gutted the Cole memo, which allows the cannabis industry to operate at the state level. At the same time, the Financial Crimes Enforcement Network was caught a bit off guard, having not been informed beforehand, with one impact possibly being that billions of dollars tied to the industry might be pulled from banks.
Bitcoin Ban or No?
And in the “will they or won’t they” department, in terms of bitcoin, it seems they won’t. South Korea’s government has backed off the idea of banning bitcoin trading, after backlash and petitions seemingly brought about a rethinking of such a freeze.