How PSD2 is changing open banking [Q&A]
Compliance with the EU Payment Services Directive (PSD2) is the next key milestone in the continued evolution of open banking. This evolution involves a new set of rules that will change how we confirm our identity when making purchases online.
The implementation of strong customer authentication (SCA), on top of existing open banking capabilities, will require merchants and payment service providers (PSPs) to work together with technology suppliers, card schemes and many others to deliver SCA in a way which works well for customers.
We talked to Eyal Sivan, head of open banking at Axway, about how open banking is heralding a new era of innovation and about the significant challenges that remain.
BN: What's the difference between open banking and PSD2?
ES: PSD2 is the legislation that ultimately led to open banking. It was a follow-up to PSD, which is the payment services directive which came out of SEPA, the EU payments entity, whose mandate was to unify payments across the EU.
In many ways, PSD2 is the goal that was originally set out in PSD -- it sets out what the EU expected the financial sector to do in order to empower consumers to create more innovation, and unify the financial ecosystem in a way that all the different players could talk to each other easily and securely.
PSD2 gave financial institutions a list of things they needed to achieve -- but it never explicitly prescribed a solution, certainly not one with APIs at the heart. It was only once organizations got to the other side of that equation, with the industry thinking about how to solve that problem, that it became clear that APIs were the answer. The open banking standards, which are based on APIs, were the answer to meeting the PSD2 regulation.
BN: Why is PSD2 so important?
ES: Because it has shaken up the financial sector in Europe -- and ultimately across the entire world -- and it did so by doing a couple of things.
First, it highlighted a digital disparity between industries. Sectors like tourism, transportation, manufacturing and so on, were digitizing hand over fist and becoming more efficient and more in tune with the digital lives of consumers. But financial services, a hugely critical sector, seemed to be stuck in the mud -- consumers still having to go into branches and fill out reams of paper to get loans and mortgages. While apps for top end banks appeared respectable, it was not the case for the mid-tier or long tail of institutions. To address this, a part of what PSD2 did was to say: "Hey, this is not good enough. You guys are resting on your laurels. You're not keeping up with the kind of innovation that consumers demand. You've got to do better."
The second important thing PSD2 did -- and this is not something that exists in all open banking movements -- was to say consumers have a right to their data. For the first time there was legislation that said a particular class of data -- in this case financial data -- belonged to the user who had generated it. This immediately led to some very profound discussions between European legislatures about what it means to own your data, and what kind of rights individuals have to that data, specifically in terms of leveraging it to create value and moving it around -- commonly referred to as 'portability'.
BN: What do these changes mean for banks -- what are the key challenges?
ES: PSD2 addressed the data ownership issue head on, and that challenged the banks, and the other players in the financial services ecosystem, to build a solution that would allow for data portability and data ownership to happen in the digital world. And that's indeed what they did. Data ownership and portability are the most important parts of the open banking specifications -- how to capture consent to share data, and how to empower consumers to control that consent.
In order to comply with PSD2, fundamentally, banks have to change their mindset. And this is the single biggest challenge.
Historically, banks have looked at their market in terms of concepts like wallet share and products-per-customer. For most banks, the ideal is that a single customer does all of their banking and gets all of their financial services needs addressed by their institution and that they stay in that bank's ecosystem as much as possible. Banks then proceed to compete with each other on this wallet share or product-per-customer target.
But this is a walled garden approach -- it presumes that a given bank, even the largest, can meet all of an individual's unique financial services needs, and always has the best products for all of those needs. In today's digital world, especially with the rise of fintech, it is impossible for a single institution to provide its customers with everything they could possibly need. There are just too many choices -- too many interesting new ways to move money around, invest money, or manage money.
So the mindset shift that banks will have to come to is to tear down those walls and understand that they are a player in a broad ecosystem of financial services. Rather than trying to draw customers to them, they need to let them live their digital lives, and make sure that whenever they need banking services, their bank just shows up in whatever digital context they happen to be needed. Then, when they are no longer needed, they quietly disappear again. This is a notion that has come to be known as 'embedded finance'.
Digitization is happening whether financial institutions like it or not. The questions they should be addressing now are: What am I in that new open ecosystem? What kind of platform do I want to provide? And what kind of capabilities do I want to expose via APIs to embed myself into all of these digital contexts?
BN: How can consumers become a part of this and how's it going to impact their lives?
ES: To quote a guest on my Mr Open Banking podcast, David Brear, founder of 11:FS: "If you talk to a consumer about data ownership, and the fact that you have a right to your data, and part of that is your financial data, and you should be interested in your rights in this regard and so on; frankly, a lot of people's eyes glaze over. They don't quite understand or care what it is you're on about in terms of data ownership and data rights."
"However, the second you start to say, 'How would you like to see all your bank accounts in one place?' or, 'How would you like to move money instantly and for free -- between one bank account to another or internationally?' or, 'How would you like to tap a few buttons on your smartphone and have your savings be automatically and intelligently invested without you having to manage those investments at all?' Suddenly, people pay attention. The conversation for consumers needs to be about their money; the utility of it and how they can save more of it, or pay for things in a more intelligent way and invest better. It's a completely different conversation."
What consumers do need to understand is that financial services are going through major changes and there are now ways to do these things with money that previously didn't exist. Consumers should absolutely know about these things because they are going to allow them to take better care of their money and improve their financial situation, which is directly linked to their well-being.
BN: If banks are falling behind as open banking evolves, how can technology help them close the gap?
ES: There is no question that technology is the only way to close this gap. As I mentioned earlier, when PSD2 said financial institutions needed to be more innovative and allow for more portability of customer information, the answer was standardized APIs to support the secure exchange of financial data. That's essentially what open banking is.
Banks need to think of themselves more and more as technology companies, and as financial platform providers. Many modern banks are fond of saying 'APIs are products', but that begs the question: 'Who is your most important customer?' The answer must come back, 'developers', because it is developers that will decide which of these platforms, and which of these APIs, are going to get used and which ones are going to be discarded. Treating them like real customers, in the same way you would treat someone looking for a mortgage or for a credit card, is critical to success in open banking.
BN: How can an API-first strategy help the development and growth of a modern IT infrastructure built for open banking?
ES: An API-first strategy means, before building the backend systems, first invest in developing a really strong API. APIs are the glue that enables systems to talk to each other -- the interface not just between software and other software, but between the developers and the software. It is the way that a third party developer, the new most important customer, talks to the organization. This means a lot of thought has to be put into the developer experience: Ensuring that the API is easy to use and understand, that it is easy for them to incorporate into their own code, and a place where they can identify areas where the API could be improved or extended. All of this is part of creating a positive developer experience.
An API-first strategy means putting that investment in upfront to make sure that experience is as good as it can be. Once that interface is established then the backend will work according to that specification.
BN: So what's next for open banking?
ES: Open banking is the thin end to a much larger wedge. It is the beginning of a transition to a world where everyday consumers understand that their data has utility, and understand that they have certain rights related to that data. Specifically, that they can move it around and use it in various ways that are transparent and secure and enforceable. This transition is beginning with banking because our financial data is critical to our well-being, therefore it is the logical place to start.
Financial data is fundamentally different from the type of data that exists over at Facebook or Twitter. It's in the same category as tax data, or healthcare data -- something that consumers expect to have certain protections and rights towards. As people start to expect the same level of protection and utility for more and more sets of data that are related to them, we will see a couple of things happen.
First, we will see the expansion of open banking specifications and regulations to cover more than just retail banking products. Today, the regimes that are in place are limited to retail banking products and consumer payments. But we are already starting to see activity that extends those regimes into open investments, open insurance, and other sectors of the financial services ecosystem. This is what has broadly come to be known as 'open finance'.
Second, this expansion will broaden to cover completely different sectors of the economy -- not just financial services. Australia was very much at the forefront of this widening of the 'wedge' because of how they approached their open banking regulation, known as the Consumer Data Right or CDR. The CDR supports cross-economy data sharing from its inception. Other regions, like the UK and Brazil, are also starting to investigate how to broaden their own standards to support other parts of the economy, such as telecom or health care or energy. This future is what some people call 'open data' but at Axway, we like to use the term 'open everything'.
Image credit: Rawpixel/depositphotos.com