The Revised Payments Directive (PSD2) prescribes the provision of proprietary account and payment information from banks to third parties such as payment initiation service providers (PISPs) or account information service providers (AISPs) subject to customer consent. It is intended to increase competition and innovation in the industry, creating a level playing ﬁeld for banks and third parties alike, for the ultimate beneﬁt of the customer. By Kanika Hope, Strategic Business Development Director, Europe – Temenos
It is widely believed that PSD2 could lead to banks’ losing their direct relationship with their customers. The directive also poses an associated data access and reputational risk to incumbent banks who cannot afford to compromise their traditional roles as custodians of customer’s ﬁnancial data. However, compared to their nontraditional competitors, banks still possess the critical 3C’s – customers, compliance and capital. Above all, they still hold customers’ trust. According to Accenture’s PSD2 UKI Banking Customer Survey 1, 70% of respondents would not trust a third party as much as a bank with their data. Therefore, PSD2 provides banks with a unique opportunity, should they choose to exploit it.
Banks can respond to PSD2 in three ways:
➊ Comply with the directive: Provide access (Xs2A) to the prescribed account and payment data to third parties via both RESTful APIs and ISO messages, fulﬁl transparency requirements by providing required payment information to the payer both before and after the transaction, support one leg transactions, and provide security and authentication in accordance with the PSD2 Regulatory Technical Standards (RTS) issued by the European Banking Association (EBA). This option risks banks becoming a utility while the customer experience is owned by the third parties.
➋ Monetise access: Provide access to additional data and insight beyond what is stipulated by PSD2 and charge for it, creating new revenue streams e.g., data for loans, mortgages, standing orders or direct debits. The data could also be provided more frequently at an additional charge e.g., balance updates for cash management provided hourly or each time the balance changes. Banks can optionally create API marketplaces where API providers can publish open APIs that can be accessed and consumed by third parties. ey are still in danger of being disintermediated from the end-customer.
➌ Transform the business model: Become a payment initiation or account information service provider aggregating own and additional value added products and services from third parties. The availability and transparency of information from third parties in addition to the vast customer data they themselves hold, would enable banks to use the power of predictive analytics to truly differentiate their offers and to provide customers valuable advice. In the 2015 FIS/Finextra survey, 77% of respondents agreed that PSD2 offers banks the opportunity to become a third party provider themselves.
PSD2 is widely seen as a catalyst for the wider trend of open banking across the globe i.e. the emergence of common standards for banks and third parties to collaborate within the banking ecosystem. Beyond PSD2, open banking could lead to the rise of platform models for banking services where banks act as market intermediaries connecting customers, manufacturers and distributors. PSD2 and open banking pose signiﬁcant technology challenges for incumbent banks, especially those with legacy based IT architectures. The complexity of multiple interfaces and systems in a legacy landscape makes it both costly and time-consuming to extract the data required for open APIs. The next biggest concern is security, speciﬁcally the EBA’s requirement for strong (2-factor) customer authentication and secure exchange of customer and ﬁnancial data between organizations over the internet. Moreover, when banks open up for data access to third parties, the volume of queries on the customer and transactions data they own is expected to increase several fold. PSD2 also cements the need for banks to make systems available 24*7 and provide real-time access. Without this capability, banks will struggle to provide accurate balances within acceptable timeframes and support real-time 24×7 payment execution for the end-customers of third-parties.
We believe that our job as Temenos is to give our banking clients the greatest ﬂexibility, whichever strategic option for PSD2 they choose. Our integrated front to-back API-based solution architecture will deliver:
➊ The complete set of open APIs for Xs2A as well as for all the retail, commercial and wealth banking products serviced by Temenos. We will also provide banks with tools and frameworks to extend and customize the pre-delivered APIs and to design and publish their own speciﬁc APIs.
➋ A multi-layer security framework (2-factor authentication, authorization, access control and non-repudiation services) through our own and partner solutions.
➌ Scalability and performance assured by the underlying design of the reporting database that handles queries much faster than the operational database.
➍ Real-time processing and 24×7 availability both of which are intrinsic features of the Temenos solution.
By allowing banks to collaborate with multiple partners ﬂexibly and seamlessly via open APIs, we want to ensure that technology not only does not constrain banks’ desired business models but gives them an advantage over their competitors who are either grappling with the cost and complexity of legacy-based architectures or working with unproven yet-to-scale API-based technologies being brought to market by new entrants.