PSD2 - An Introduction

Background

Traditionally, retail banking institutions have maintained a competitive advantage over smaller non-banking financial institutions not only through cheaper access to capital but also through a legislative environment that created high barriers to market entry. The combination of such has led to a less than optimal environment with a lack of product innovation, gross operating inefficiencies and a highly concentrated marketplace. The result of this is that both shareholders and customers have suffered.

As a result of the European Commission’s (EC) new Payment Services Directive (PSD2) which comes into force in January 2018 (next month!), this competitive environment could see a huge change overnight. No longer will banks be bastions of strength immune from smaller players. New Fin-Tech innovations will have more scope for entering into the market and using their modern operating models to out manoeuvre the traditional incumbents. The banks have reason for concern.

The Payment Services Directives (PSD)

Since the start of the century, the European Commission has been steadily introducing new rules and regulations to harmonise the European banking environment. That is, reduce the friction of dealing within the single European market which has had numerous benefits for both consumers and commerce alike. An obvious one being reduced costs.

One such regulation is the EC’s PSD1 - the first incarnation of which came into force in November 2009. Written with consumer protection in mind, this directive was more about dealing with creating a common structure (amongst member states) surrounding payment services such as credit transfers, direct debits and card payments. Importantly, this laid the groundwork for a common Single European Payment Area (SEPA).

The PSD needed to be updated to make it future proofed for the new breed of Payment Service Providers (PSP) that are becoming increasingly active in the pan European market. January 2018 will see the PSD2 come into force. This directive is largely about further enhancing PSD1 to support a Digital Single Market (DSM). For the retail banking industry this directive is of particular interest. Not only is this directive about further harmonising the European banking environment, it also looks to promote competition through a regulatory framework which encourages the emergence of new players (e.g. FinTechs) and the development of innovative mobile and internet payment services in Europe. Ultimately, this will open up payment markets to new entrants leading to more competition, greater choice and better prices for consumers.

Specifically there are two key points with respect to opening up payment markets to new regulated non-bank players (i.e. payment institutions) which are collectively known as:

Payment Initiation Services (PIS): PSD2 stipulates that consumers can make payments from their bank accounts directly to an online merchant, typically by establishing an electronic payment link between the payer and the merchant via the payer’s online banking module.

Account Information Services (AIS): PSD2 states that retail banks must make customer data freely (yet securely) accessible to third parties, using a common standard of open APIs.

There are a number of other aspects introduced in the new directive however, strategically, these two should be of particular interest. Moreover, they reflect the need to reevaluate the traditional models in order to support new and innovate digital financial services.

Payment Initiation Services (PIS)

As defined in Article 4(15)

“a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider”

PSD2 requires retail banks to make customer data freely (yet securely) accessible to third parties via a common standard of open APIs. This means a merchant may integrate a PIS into its online checkout process to enable it to offer the option of online credit transfers as an alternative to card payments. That is, a merchant can communicate via the bank provided API either directly with the payer’s bank or via a third party payment initiator, effectively cutting out the merchant’s acquiring bank and the card schemes. Importantly, banks can not apply additional charges to those payments or treat them as of lower priority. The net effect being disintermediation, increased efficiency and reduced costs.

This represents a big change to the current payment landscape where credit cards schemes (i.e. Visa, Mastercard, etc) have historically had the upper hand. It is clear that this is a win for merchants and a threat to the established players. Understandably this gives reason for concern for both acquirers (banks) and card schemes.

Account Information Services (AIS)

As defined in Article 4(16)

“an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider”

Although disintermediating banks in some transactions is noteworthy, a more significant change comes by the requirement for banks to release valuable customer information to third parties so they can use it to offer consumers with value-adds that banks and other financial institutions are not currently in a position to provide. An AIS will allow consumers and businesses to obtain a consolidated view of their accounts and to use tools to analyse their transactions and spending patterns. Historically, access to customer financial data has been an asset closely guarded by banking institutions. With PSD2 the opening up of this data to customer approved third parties is a potential threat whereby third-party organisations can now access this valuable banking data without having to undergo the process of becoming a bank.

As we know, banks maintain detailed data customer purchases, transfers and mortgage repayments. Previously hidden from view, this information could potentially be used to calculate the behaviours and risk of a particular individual whilst identifying relevant marketing information. Banks on the other hand are limited in using the data only to provide the specific banking services the customer has signed up for. Unless of course a bank obtains explicit consent from each customer to use this data for ancillary services such as marketing.

This is a European-wide shift in terms of the accessibility of customer data for third parties. For banks this is bad news whilst for new entrants this is good news. For fast acting companies the ability to out manoeuvre the incumbents presents an opportunity for market entry.

Advantage Lost?

PSD2 has the potential to upend the competitive landscape in the retail banking space. It is easy to reason how this new directive could in time erode previous barriers to entry in certain areas thus requiring banks to quickly innovate whilst adjusting (often radically) their standard operating models with respect to innovation and time to market. If banks can’t iterate quickly, the new non-bank entrants will.

This should give banks reason for concern. Ultimately, this could see some becoming largely commodity players with limited value beyond the utility of their deposit taking and lending activities. Unable to compete on service, some banks could engage in a race to the bottom as they compete largely on price whilst information aggregators (AIS) provide the value adding services over the top.

It is important to keep in mind that the European Commission has stated that a core tenet of this directive is to introduce more competition into the retail banking space. Although the ultimate endgame is currently unknown, it is reasonable to expect that in time we will see that some previous competitive advantages will be relinquished to those companies who can quickly adapt to what the market throws at them. More entrants will join the market. It is unlikely that the traditional banks will benefit unless they can change their ways.

A Simple Scenario

We can see that PIS can make payments on behalf of a user whilst accessing full transactional details of a user’s account. This opens the gateway for a third party internet banking service to operate which aggregates account and payment information into a unified service. This could also include cross border accounts. For users with multiple accounts, such a service could provide superior user experience whilst providing a far more holistic product offering with both vertical and horizontal integration. Although the production of such a system would be a large undertaking, it it that far fetched? Moreover, could a traditional bank compete with this?

Moving forward

Rather than waiting for the inevitable, banks currently have the upper hand to get on the front foot by creating their own web based services. Three such strategies could include:

Integrating cross bank services: This takes an existing service and integrates third party bank information to give a richer view of the customer’s financial situation.

Partnerships: Working with partners may be a way to circumnavigate the current restrictions placed on banks with respect to the usage of customer data and the “up-selling” of new products.

Data: Utilising APIs to monetise customer data. Could enhanced data sets be sold at a price? What about customer data security?

Conclusion

PSD2 presents both a threat and an opportunity. If retail banks can’t improve their online service offering to offer both horizontal and vertical integrations, they risk becoming mere utilities in the competitive landscape. On the other hand, those banks which are willing to change and which can offer new yet innovative services stand to benefit immensely. Whichever way you look at it, the marketplace is going to look differently before long.

References

Payment Services Directive 2 - Articles 66, 67 & 68 are of particular interest

EU banking and financial services law

The Second Payment Services Directive - A briefing from Payments UK