Some states have given moratoriums considered excessive by others, while fintech companies complain about the slowness of part of traditional banking in developing key functionalities of the European directive on payment services, such as the system for accessing customer data.
The second European Payment Services Directive or PSD2 has spent its first year of life trying to increase the security of payments in Europe, trying to promote innovation and favoring the adaptation of banking services to new technologies. This ambitious regulation brings about fundamental changes in the industry by giving third parties access to bank infrastructure. Like any great change, it is not a simple task.
PSD2, a mirror that other nations in Asia and Latin America look at, and in turn a reflection of other unique experiences, such as that of the United Kingdom, which we will also report on in this article, has progressively entered into force between January 13, 2018 and September 14, 2019, and is due to end this month (March). The European Banking Authority (EBA) decided back then to grant a 12 month moratorium as much of the industry was poorly prepared, mainly certain traditional banks.
At that time, some countries took the opportunity to extend the new term to 18 months, which was something that some actors in Spain also requested, even against the Bank of Spain’s criteria. Finally, one month later, in October 2019, the EBA yielded up to an extra 15 months, and subsequently extended it to 18 months. Today we talk about March 2021 as being the final frontier for the full deployment of PSD2.
BBVA was one of the first financial institutions to open up its platform and core services through open APIs with BBVA API_Market, always being one step ahead of a disruptive regulation, which as such is catching many actors with the changed pace.
SCA is delayed: fintech companies wait
The main reason that led the EBA to yield and postpone the deadlines is closely related to user data security. The European banking authority was aware that without a complete effective deployment of Strong Customer Authentication (SCA), also known as two-step enhanced authentication, the security of critical data could be compromised.
As Nick Caley, Vice President of financial services and regulatory at ForgeRock, a digital identity and authentication management company, explains in this article by Fintech Futures, SCA requires electronic payments to be made with multi-factor authentication to shield the security of this new ecosystem.
Despite this, many European banks have continued to delay their PSD2 implementation, causing great frustration in the fintech community, and among the companies and startups making it up there is growing discomfort because the quality APIs they need for their banking innovations to work are delayed by the slow pace of certain actors.
What we can expect in 2020
The market will not stand still. Despite the delays, PSD2 will become a reality for day-to-day banking and will eventually expand further to allow for effective open banking between all EU countries. The delay of some in implementing regulatory measures and their derivatives, as well as a substantial improvement in the entire user experience strategy, now at the center of all business operations, will be a competitive advantage for new players. These include both fintech startups and traditional banks that have opted for this path even since before the regulation, as is the case of BBVA.
Banks now have until March 2021 to comply with PSD2, including SCA. But they cannot afford to view this 18 month extension as an opportunity to delay their digital transformation. The most versatile and strongest technical players, the GAFAs (Google, Apple, Facebook and Amazon), are moving fast in this area. Apple successfully launched a credit card with Goldman Sachs, while Google announced its intention to offer checking accounts to consumers.
These giants handle such an amount of data from the average user that they can hit the UX and user journey keys very quickly and accurately. During 2020, we therefore expect that there will begin to be a much more significant reaction from banks and payment service providers, account managers, or ASSPS.
United Kingdom multiplies its figures
The past year was a really good one for the modernization of the British financial industry. Despite the ups and downs caused politically and socially by Brexit, the figures were resounding: the number of regulated open banking operators practically doubled, from 104 to 204, and 1.25 billion API calls were made within the ecosystem. These are data from the official body Open Banking Implementation Entity (OBIE).
The dynamism shown by the United Kingdom in developing its open banking strategy can be seen in milestones such as the entry of Tesco (the largest food distributor in the country) into the open banking ecosystem in March; or in the event two months later, when NatWest became the first bank to offer a payment alternative to online purchases without the need for a card.
For the current year, the objectives set by the United Kingdom according to the OBIE itself include completing the implementation of the open banking framework and improving the usability and functionality of its joint offering; increasing the adoption of open banking by customers (a bone of contention globally, due to their reluctance to share their data); expanding the ecosystem of third-party providers and working with industry and regulators to expand the reach of connected financial services.