PSD2: Boon or Bane in the world of Open Banking

To many, the term Open Banking itself may be a misnomer as the concept involves banks giving end customers more control over the way their data is collected, used and shared with organisations who provide competing financial products and services.

This, as we know, is not how banks are used to working.

Open Banking as a principle is great for end users and the general public as it massively increases competition and thereby the number of options (and service standards) that are available to them.

PSD2, Open Banking, Compliance

PSD2 (Revised Payment Service Directive), the EU’s directive aimed at creating a more integrated and efficient European payments market was initially published in January 2016 and to a large extent is the driving force behind Open Banking in Europe. Its reach however is way beyond payments with Access to Customer Accounts (X2SA) being one of the areas of greatest transformational impact.

In the UK, while the FCA (Financial Conduct Authority) itself remains the competent authority for PSD2, the directive is implemented through the Payment Services Regulations 2017 which took effect on 13th January 2018 along similar timelines as most of Europe.

Banks here have been given a bit of a head start through the Open Banking Working Group (OBWG) who in 2016 published the Open Banking Standard (OBS) framework along with Barclays. This initial report was followed up by the Competition and Markets Authority funding the UK’s Open Banking Implementation Entity (OBIE or Open Banking Limited), essentially laying the foundations for banks in the UK to adopt PSD2.

What this means is that customers already have the legal right to use an authorised Third Party Provider (TPP) who has access to their payment account information and consent to initiate payments on their behalf. In reality, there is time till September 2019 before other parts of the PSD2 become fully applicable and we can expect to see the real impact.

While changes brought about by PSD2 are great from an end-customer perspective, it is not the same for banks. A number of changes are required to the way banks operate and many are understandably viewing PSD2 as a threat to their business and age-old revenue streams.

These concerns are not unfounded as this is precisely what Open Banking is intended to facilitate – more innovation and competition.

The changes required to be implemented by banks are manifold and have far reaching impact, right from areas covering Technology, Operations, Compliance, Data Privacy, Security and end user interfaces.

Just to make matters worse there are many competing standards being developed in different countries (Berlin Group, STET, OBUK and others) to cover critical angles such X2SA, Strong Customer Authentication and Secure Communications, including the API specifications themselves along with aspects such as TPP registries and Trust services.

However if you look hard at these seemingly grey clouds there is more than a silver lining, and an opportunity for banks to reinvent themselves to become absolutely core to the customers’ digital life.

The world’s economy has changed significantly over the last few decades with the Fortune leaderboards being overtaken by companies like Facebook, Amazon, Google, Apple and Uber. In a world where customer experience, product and trust are key, traditional banks have a huge advantage which should not be underestimated.

 T R U S T

PSD2 is a bit of a wake up call, but does not need to be all doom-and-gloom. Traditional banks are in a better position than any of the startups, challenger banks and competitive TPP service providers to make use of the opportunity, so long as they are willing to recognise the threats; view PSD2 as more than just a regulation to comply with; come face-to-face with the new digital world and start transforming themselves.

Banks have also had other directives to deal with till now including the GDPR (General Data Protection Regulation) and potentially MiFID II and Ring-fencing. With just 12 months to go for all the infrastructure to get put in place and tested, there is a lot of technology related ground-work to cover, and many are just getting started.

Middleware and API Management specialist Fiorano has taken a lead, combining years of expertise integrating core banking systems all over the world with a deep understanding of the European Banking Authority’s RTS itself and PSD2 standards from both Open Banking UK and the Berlin Group. Fiorano’s PSD2 Accelerator framework incorporates all the technology a bank needs to meet PSD2 obligations rapidly, irrespective of standard chosen.

We see PSD2 as the beginning of a new world of banking, in many cases being the trigger point for real digital transformation in the banking industry. While the GDPR and data privacy are common underlying themes, it is elements like API Computing, Automation, AI and Cognitive services that are likely to drive competitive differentiation over the coming years.

For more details, visit or  Get In touch Fiorano to speak to our specialists.