PSD2 | Fiorano Blog

Now that we are in November 2018, the PSD2 Regulatory calendar leaves banks with just 4 1/2 months before the March 2019 deadline to publish (ASPSP) sandboxes for testing. It is not as simple as just publishing APIs though as there are multiple technology components required to do this properly. It will come as no surprise that the operating model PSD2 will enforce is completely unlike the way Retail Banks are used to working and unlike the way consumers are used to interacting with them.

With the Europe Banking Authorities Regulatory Technical Standard (the PSD2 RTS) understandably not being prescriptive about how banks should go about enabling aspects such as Access to Account (XS2A), Strong Customer Authentication (SCA) and Common and Secure channels of Communication (CSC), the technology requirements themselves can seem overwhelming. The core issue many banks are facing today is around being able to put in-place the technology components to meet March and September 2019 obligations in-time, yet still be able to adapt, flex and launch new products and services with minimal change as the TPP market develops.

The absolute must-haves required by banks include separate applications for:

(i) Core Banking Integration

(ii) API Management

(iii) Identity and Access Management

(iv) Security

Introducing just one piece of new technology to a bank can sometimes be overwhelming. In the case of PSD2, depending on what an individual bank may already have, introducing three or four almost becomes a programme in itself, with associated complexity, timelines and costs associated. With so little time left, Fiorano has been working to be able to provide banks with regulation specific technology that can be implemented rapidly, and yet meet the PSD2 timelines.

So how does Fiorano do it?

Built on top of class leading Fiorano MQ, Middleware and API Management technology, the Fiorano PSD2 Accelerator brings together all the components banks require to deliver ASPSP interfaces in a single, easy-to deploy technology product which covers all the functional requirements around XS2A, CSC, SCA and Security.

This uniform, single platform delivers easy integrations and light-weight maintenance, guaranteeing to be the fastest and most efficient route for banks to deliver ASPSP interfaces. To top it all, the Fiorano PSD2 Accelerator also incorporates PSD2 specific limits, thresholds and exemptions as visually-configurable components, which means banks implementing Fiorano will not require super-specialists to manage the environment post implementation.

Interested? To learn more about how you can still meet the regulatory timeline using the Fiorano PSD2 Accelerator, come meet Fiorano at stand 15 at the Open Banking Expo taking place at the America Square Conference Centre in London on 27^th November. If it can’t wait till then, contact us or email us now at psd2compliance@fiorano.com and we will be in touch immediately.

To many, the term Open Banking itself may be a misnomer as the concept involves banks giving end customers more control over the way their data is collected, used and shared with organisations who provide competing financial products and services.

This, as we know, is not how banks are used to working.

Open Banking as a principle is great for end users and the general public as it massively increases competition and thereby the number of options (and service standards) that are available to them.

PSD2 (Revised Payment Service Directive), the EU’s directive aimed at creating a more integrated and efficient European payments market was initially published in January 2016 and to a large extent is the driving force behind Open Banking in Europe. Its reach however is way beyond payments with Access to Customer Accounts (X2SA) being one of the areas of greatest transformational impact.

In the UK, while the FCA (Financial Conduct Authority) itself remains the competent authority for PSD2, the directive is implemented through the Payment Services Regulations 2017 which took effect on 13^th January 2018 along similar timelines as most of Europe.

Banks here have been given a bit of a head start through the Open Banking Working Group (OBWG) who in 2016 published the Open Banking Standard (OBS) framework along with Barclays. This initial report was followed up by the Competition and Markets Authority funding the UK’s Open Banking Implementation Entity (OBIE or Open Banking Limited), essentially laying the foundations for banks in the UK to adopt PSD2.

What this means is that customers already have the legal right to use an authorised Third Party Provider (TPP) who has access to their payment account information and consent to initiate payments on their behalf. In reality, there is time till September 2019 before other parts of the PSD2 become fully applicable and we can expect to see the real impact.

While changes brought about by PSD2 are great from an end-customer perspective, it is not the same for banks. A number of changes are required to the way banks operate and many are understandably viewing PSD2 as a threat to their business and age-old revenue streams.

These concerns are not unfounded as this is precisely what Open Banking is intended to facilitate – more innovation and competition.

The changes required to be implemented by banks are manifold and have far reaching impact, right from areas covering Technology, Operations, Compliance, Data Privacy, Security and end user interfaces.

Just to make matters worse there are many competing standards being developed in different countries (Berlin Group, STET, OBUK and others) to cover critical angles such X2SA, Strong Customer Authentication and Secure Communications, including the API specifications themselves along with aspects such as TPP registries and Trust services.

However if you look hard at these seemingly grey clouds there is more than a silver lining, and an opportunity for banks to reinvent themselves to become absolutely core to the customers’ digital life.

The world’s economy has changed significantly over the last few decades with the Fortune leaderboards being overtaken by companies like Facebook, Amazon, Google, Apple and Uber. In a world where customer experience, product and trust are key, traditional banks have a huge advantage which should not be underestimated.

T R U S T

PSD2 is a bit of a wake up call, but does not need to be all doom-and-gloom. Traditional banks are in a better position than any of the startups, challenger banks and competitive TPP service providers to make use of the opportunity, so long as they are willing to recognise the threats; view PSD2 as more than just a regulation to comply with; come face-to-face with the new digital world and start transforming themselves.

Banks have also had other directives to deal with till now including the GDPR (General Data Protection Regulation) and potentially MiFID II and Ring-fencing. With just 12 months to go for all the infrastructure to get put in place and tested, there is a lot of technology related ground-work to cover, and many are just getting started.

Middleware and API Management specialist Fiorano has taken a lead, combining years of expertise integrating core banking systems all over the world with a deep understanding of the European Banking Authority’s RTS itself and PSD2 standards from both Open Banking UK and the Berlin Group. Fiorano’s PSD2 Accelerator framework incorporates all the technology a bank needs to meet PSD2 obligations rapidly, irrespective of standard chosen.

We see PSD2 as the beginning of a new world of banking, in many cases being the trigger point for real digital transformation in the banking industry. While the GDPR and data privacy are common underlying themes, it is elements like API Computing, Automation, AI and Cognitive services that are likely to drive competitive differentiation over the coming years.

For more details, visit www.fiorano.com/psd2 or to speak to our specialists.

Share this:

Share this: