Written By: Matthew Hemmings – International Director
The Payment Services Directive 2 (PSD2) creates a new vital context for commercial banks. It is requiring banks to open access to their systems and clients’ accounts. The term Open Bank is the name for this ambitious European project that will definitely change the activities of commercial banks, with the requirement for European banks to open their systems to third parties by next year. Some are saying it is about to create a “bridge” between online platforms and banks, similar to Amazon being able to access a client’s data stored in his or her bank (with permission).
But the stake is far beyond a simple bridge.
PSD2 will break down the bank’s monopoly on its user data and force traditional banks to make access to their systems simple and fast to meet the expectations of clients’ experiences. By doing so, many fintechs will see real opportunity to extend the financial services they offer on their online platforms, and they could definitely divert clients from their exclusive relations with their banks. A growing number of young shoots have been seen in the development of open-programming interfaces (application-programming interfaces, or APIs), the communication tools that banks will have to develop to dialogue with the outside world, a new vein. Why not use these APIs to offer themselves as open-technology platforms for distribution of banking-services “bricks”? More and more young finance start-ups are developing financial-services marketplaces, through which banking transactions can be realised.
For example, APIs made available by Barclays are enabling players such as Circle to provide peer-to-peer payments to smartphone owners in the United Kingdom, Ireland and Spain. In the UK, banking platforms such as N26, Atom, Starling Bank, Mondo and others are becoming the new face of frontline banking services on mobile devices.
Further on, complete fintech platforms are being developed.
Below is an illustration from the UK government report “Call for evidence on data sharing and open data in banking”.
solarisBank, the pioneer of the sector, announced in March that it had raised €26.3 million. solarisBank is creating platforms offering various bricks of service (cards, payments, loans) that non-bank players can plug in to their online services. And they will get access to banks through solarisBank. For instance, car dealers could process their clients’ requests for loans, and receive loan approvals at the same time the customers buy their cars. Considerable time and cost can be saved by non-bank players by linking their systems to that of traditional banks. They do not need to build as many pipes as there are banks; they only need to plug in their systems to a fintech such as solarisBank.
Profound changes occurring in traditional banks’ systems and organisations.
Traditional banks have been forced to work closely with fintechs and online-platform developers, and many have made considerable progress in amalgamating these new technologies into the heart of their old systems. They also have had to hire talent and integrate into their information-technology (IT) departments profound changes in the development area as well as creating new processing departments. Banks have had to create APIs but also enable faster development within their own institutions, and embrace new business opportunities, just as other industries have done before them, such as transportation and travel.
Traditional banks have to constantly adapt their strategies to improve clients’ experiences but also give consumers greater power over the use of their personal data and financial assets. The customer experience must remain at the centre of future strategies.
What price for banking services, and who will be responsible for client data security?
Opening their systems is already one big challenge for banks, but PSD2 regulation comes together with another regulation, General Data Protection Regulation (GDPR), by which banks have been told that information such as transaction and loan-repayment data does not belong to them but to their customers. Those who want to use that data to access better financial products or services will be able to do so in a safe and secure manner. Traditional banks will remain their clients’ account-keepers, responsible for the confidentiality and security of the client data that they store. But what about the data that they will share outside with fintech and online-merchant sites?
In the United Kingdom, the second report on the big banks released last week by the Parliament’s economics committee called for customers’ transaction history, account balances, credit-card usage and mortgage repayments to be made available to competitors via APIs by July 2018.
But important issues are not yet clarified:
- data storage or use will have a value and price of usage, or remuneration to banks as data custodian as well as remuneration shared with different online actors, but it has not yet been defined;
- determining where liability for data breaches lies and how to create trust for the new system among customers is another difficult topic.
What is the price of all this information and its use, and what happens in case of cyber-breach? It is likely that the bank will not feel responsible in case of a leak happening outside of its system. As well, it is unlikely that fintech start-ups will all have sufficient capital or insurance to cover losses in the case of a catastrophic cyber-breach.