The review of PSD2 by the European Commission raises the question: where does open banking go from here?
Following a recommendation from the European Banking Authority, the industry is debating whether introducing a single API standard is the key to reducing fragmentation and improving open banking.
But experience has shown that defining a common API standard doesn't guarantee API consistency. In this blog post, we’ll recap progress with PSD2 and address three big questions about its future:
Do we need a single API standard in the EU?
Will all the rules be applied more consistently?
Will we finally have borderless instant payments?
PSD2 was the start of open banking in Europe. Through it, customers were given the legal right to use third party providers (TPPs) to access their own account data and initiate payments. This has been transformational in several ways:
PSD2 began levelling the playing field
By supporting dedicated interfaces to initiate payments on behalf of consumers, PSD2 lowered the barriers to entry for new providers. After open APIs were introduced by banks, there was a sharp increase in market entry. Today, there are more than 500 authorised companies providing open banking services to customers all over the EU, up from only a handful before PSD2.
PSD2 has stimulated innovation
PSD2 brought together AIS – access to transaction data – and PIS – the ability for third parties to initiate a payment. This has led to an explosion of innovation, where businesses can combine payments with data to create powerful use cases, from user verification and affordability checks to seamless customer onboarding.
PSD2 has made payments safer and more secure
Where PIS payments are used to pay businesses, they can replace manual bank transfers and prevent misdirected payments and scams. From the very beginning, open banking payments were required to use Strong Customer Authentication (SCA) for initiation, making them hard to target for fraudsters.
In many ways then, the EU’s open banking initiative has been a success both for businesses and for consumers. But how can Europe catch up with other markets like the UK that have gone even faster?
Let’s return to those three big questions:
Do we need a single API standard in the EU?
Will the rules be applied more consistently?
Will we finally have borderless instant payments?
Do we need a single API standard?
A big debate is whether the European Commission should recommend or mandate a single API standard.
PSD2 requires banks to meet certain criteria for their open banking interfaces. Because of this, several standards bodies were established, including the Berlin Group, STET and PolishAPI. Their role is to develop specifications for APIs – the technology used to develop dedicated interfaces.
But implementation has so far been left to individual banks. In effect, the term “API standard” is inaccurate. What we have is a series of technical specifications but little coordination around how they are implemented and how well they perform.
This leads to the same APIs being implemented and performing in different ways. Even within the same standard, we see differences in how banks interpret and implement it.
In turn, open banking providers have to treat each API on a case-by-case basis. In other words, there is a considerable difference between having a standard and making sure that the same standard is being implemented in a standardised way.
“What we have is a series of technical specifications but little coordination around how they are implemented and how well they perform.
But a common API standard is not necessarily the solution.
Firstly, there is plenty of innovation helping to resolve open banking fragmentation. One example, while perhaps unintended in PSD2, is API aggregation. This is where fintech companies specialise in connecting to bank APIs, creating a single API for other firms to connect to.
This allows other regulated open banking firms to focus on innovative user propositions, rather than maintaining bank connectivity. The market for both API aggregation and consumer services is highly competitive and works well.
Secondly, there is plenty of valuable work and expertise within the current standard bodies, meaning there's no need to build a new API standard from scratch.
So what's the solution?
Build on and harmonise the work of existing standards bodies
The EU should encourage more dialogue and cooperation between existing standards bodies. This way, the technical and commercial know-how in these groups would be harnessed rather than lost, and new standards would align and converge over time, rather than becoming more fragmented.
The EU should also clarify how existing standards bodies should interact with specifications developed by the European Payments Council, following on from the work of SPAA MSG.
Consider a central body to coordinate API implementation and performance
Rather than focus on a common API standard, the EU could develop a central independent body, or empower existing bodies to focus on API implementation and performance across banks.
This would be a similar model to the Open Banking Implementation Entity in the UK, which had enforcement powers from the Competition and Markets Authority, and which helped advance open banking at a faster pace than other comparable markets.
A central independent body could act as a single trusted source of public data on open banking. Right now it’s difficult to know how many European users there are, how many payments or data requests are made each month, and how this is growing over time. This data is available in the UK from the OBIE.
Such a body could also play a role in creating more seamless and more consistent payment authentication journeys by issuing guidance on best practices.
Unnecessary friction in the authentication process is a significant and artificial hurdle to open banking truly taking off in Europe.
“
Will the rules apply more consistently? (PSR1 or PSD3?)
Another question raised by the EU's review is: will PSD2 stay a Directive or become a Regulation? Will there be room for interpretation or will the rules apply the same way in each country?
EU Directives require transposition into national law, so each member state will interpret them in slightly different ways.
In contrast, EU Regulations apply ‘as is’, which minimises the room for interpretation and ensures a more consistent application across all 27 member states.
In the case of PSD2 (a directive), the flexibility to transpose it differently has created differences in interpretation.
For example, only some EU countries classify credit cards as payment accounts, which open banking providers are able to access. This lack of consistency means consumers can use fewer services in some countries than others.
Transforming PSD2 into Payments Services Regulation (PSR1) would help open banking by ensuring a quicker and more consistent implementation.
But it can be difficult to achieve consensus on Regulation, so continuing the Directive approach could lead to faster improvements in payments and open banking.
Will we finally have borderless instant payments?
We’ve written before about why open banking needs instant payments and why the EU’s legislative initiative on this is so important.
Open banking puts instant payments at the fingertips of both consumers and merchants. It elevates SEPA Instant from a bank transfer option available only through online banking to an alternative payment method in fast-moving sectors like ecommerce or investment.
But right now SEPA Instant falls short of its pan-European aspirations. Patchy coverage and high costs for consumers keep it from being a perfect match for open banking payments.
“Open banking payments will only fulfil their full potential in Europe if instant payments are available everywhere.
And because IBAN discrimination is still a problem, it remains difficult and sometimes impossible to make cross-border open banking payments.
That’s why the EU needs to complement the review of PSD2 with legislation that encourages the frictionless use of SEPA Instant.
Open banking payments will only fulfil their full potential in Europe if instant payments are available everywhere and obstacles like IBAN discrimination are removed.