Why banks should be (but aren’t) experts in PSD2

European banks are feeling the heat like never before. Not just from direct competitors and an increasing number of financial technology (fintech) start-ups, but also from big players such as Facebook who are undoubtedly counting the minutes until the implementation of the second iteration of the Payment Services Directive (PSD2) at the end of January 2018.

The most significant implication of the European Union (EU) regulation is that banks and financial institutions will be directed to open up their application program interfaces (APIs) to third parties. Effectively, they are being asked to hand over the keys of their vaults to current and future rivals. Customers will suddenly find themselves with a smorgasbord of choice when it comes to who looks after their money or handles their financial transactions.

Shake-up for banks is an inevitable reality

The lack of knowledge banks have around PSD2 is surprising. While many organisations have a high-level view, few have really got to grips with the finer detail. It is a long document – 93 pages of text – but the overall impression being given is that many banks hope that PSD2 will go away.

Unfortunately for them, these hopes are in vain. The EU is fed up with the lack of action that has been evident around banks and innovation – and has been for some time. The first Payment Services Directive was finalised in 2007 and was intended to stimulate competition in the payments space. However, there was still little access to the systems, infrastructure and account data; making innovation very difficult and doing little to increase the choice that customers had available.

The new provisions within PSD2 – which was finalised in October 2016 and legally must be adapted by EU member states no later than January 2018 – is much more like a step towards a digital single market. It requires bank to open access to customer data, bank accounts and give permission to third parties to initiate payments on behalf of the customer. What’s more, the cost of doing this will all lie with the bank rather than the third party. Furthermore, banks are also not allowed to prioritise their own transactions over third party transactions.

This all sounds pretty horrible for the banks, so it is no wonder that many are sticking their head in the sand. But PSD2 isn’t going away. Banks need to pay attention.

Threat versus opportunity

Another big problem for banks is that the liability to protect against fraud still falls on them. It’s a pretty terrifying outlook for sure: banks currently stipulate that users can’t share their login details, so we’re looking at a fundamental shift in how things are done.

With banks being legally obliged to open up their APIs so others can come along, new parties will enter the market; whether they are from the fintech sector, traditional rivals such as other banks, or technology giants such as Facebook. Banks have suddenly got nowhere to hide.

The sector has traditionally been slow to innovate. This isn’t a problem for small, agile fintech start-ups – look at Mondo, Solaris, and Number26 for example. They also create compelling user experiences. Large technology companies such as Facebook have a wealth of experience when it comes to dealing with APIs and have access to many pairs of eyes already.

However, while banks will feel threatened here, they need to think of PSD2 as an opportunity if they are going to survive; attack really is the best form of defence.

In a post- PSD2 world, will Facebook be the financial services institute of choice?

Facebook has already applied for a licence within the EU to provide payment services. Globally, the service has an enormous user base of some 1.6bn profiles. On top of that, it is sticky – people typically spend 20 minutes on average per session.

So it’s pretty clear to see why it would be such a threat to traditional banks. Wouldn’t it make perfect sense to a user for Facebook to provide access to payments given that he/she spends so much time there? What’s more when it comes to peer-to-peer (P2P) payments, forwarding small amounts to friends through Facebook is perfectly logical – why should users open up a new app or site to make the payment? The idea of aggregating accounts in all one place, accessed by just one login, will have immense consumer appeal.

There’s another potential outcome here – the death of the payment card. Services like Apple Pay have so far been built on top of card infrastructure. But with PSD2, there’s no need for Apple to go through Visa, for example, as it will use PSD2 to connect directly to the banks and bypassing the card issuers.

How can banks prepare?

Banks are undoubtedly moving into a difficult place. They have three potential courses of action:

Do nothing:
Close their eyes, bury their head in the sand and pretend it isn’t happening – but for most this isn’t a realistic option.

Banks could look for their inner Steve Jobs – someone from inside the group who can create and execute visionary product strategies. That would allow them to launch new services as soon as possible in order to be ahead of the curve and compete with the newcomers. In cases where they have no one within they could collaborate with innovative fintechs, or hire people from these companies to drive their strategy.

To do this, banks need to realise that PSD2 brings just as much of an opportunity as it does of a threat. If they have to open up their APIs, then so do their rivals. Why not access the APIs provided by the other banks and build them into your own services? It’s an aggressive strategy, for sure, but it could help to attract new customers to your bank.

Focus behind the scenes:
Some banks could also find themselves moving away from providing front-end services for consumers and instead focus on being the back end for other banks. Those that have strong infrastructure might see this as an attractive option, but it is a risky play – if you don’t stay on top of operational efficiency then it would be very difficult to do this profitably. What’s more any bank choosing this strategy would have to implement it before January 2018 – a gargantuan task.

There are only tough choices ahead for banks thanks to PSD2. Ultimately, this is good news for consumers, but could spell the end for banks that opts to bury their head in the sand, or takes too long to define their strategy. So the message to banks is simple: Innovate or die.


Related reading