With just over a month to go till PSD2 (Payments Services Directive) comes into effect, there is a lot of buzz about the upcoming regulation. In this post i summarise what i learnt from the PwC report on bank PSD2 readiness: Waiting until the Eleventh Hour. Even though the PwC study is a couple of months old, I’m guessing their general findings are still about right. Check out the PwC report for full details.
What is the PSD2 Regulation?
Check out my posts: 5 Things You Need to Know about PSD2 and Probably the Best PSD2 Infographic in the World. PwC describe PSD2, the revised Directive on Payment Services in Europe as a regulation that enables simpler, quicker and more secure payments by:
- Encouraging innovation by TPPs – Third Party Payment Service Providers
- Increasing payment security using SCA – Strong Customer Authentication
- Standardising payment systems and processing across Europe
How will PSD2 deliver Innovation, Enhanced Security and Standardisation?
- Innovation by introducing new providers:
- ASPSP – Account Servicing Payment Service Providers
- AISP – Account Information Service Providers
- PISP – Payment Initiation Service Providers
- Standardisation by establishing transaction fee limitations and specific rules around refunds
- Mandating that European banks allow third party providers to access their payment infrastructures and customer data
- To state the blinding obvious, this is the big one that tech companies are getting excited about – the banks, less so
What’s Next in the PSD2 Timelines?
- 21st November 2017 – SEPA Instant payments went live across the euro-zone
- 13th January, 2018 – all EU member states must implement PSD2 into their national law/regulation – PSD2 Go Live
- PwC describe this as the date “when banks’ monopoly over customer account information and payment services will cease“
- September 2019 – PSD2 security measures indicated in the RTS (Regulatory Technical Standards) will go live – this part of PSD2 requires the:
- Implementation of Secure Customer Authentication (SCA)
- Provide third party providers Access To their customers Accounts (XS2A)
PwC Finding 1 – Oh isht, the Banks are NOT Ready!
PwC:
- Warn “The world is going to change radically for banks after January 2018 – but given the lack of readiness at many banks you wouldn’t know it“
- Highlight that most banks recognise that PSD2 will impact all areas of the bank, and will require new technology
- At the beginning of the year banks were:
- 38% in the Assessment stage
- 47% in the Design phase
- 9% in the Implementation phase
- Although a recent (not sure when) catch up highlighted that most of the bigger banks were moving into the Design and Implementation phases
- Remind us that 2018 will be a busy year with both the PSD2 Regulation and GDPR (General Data Protection Regulation) coming into force, and the complex dependencies each new regulation has on another
- “Open Banking” is new territory folks, banks have not historically given third parties access to their payment rails or shared customer data using APIs (Application Programming Interfaces)
- PwC propose that only 47% of banks are involved in open-banking
- Advise banks to prepare an appropriate strategy to prevent themselves or portions of their business from being eaten up by customer focused third-party providers
PwC Finding 2- PSD2 Will Enable New Opportunities for Banks, but Not Yet!
The PwC study:
- Found that 2 out of 3 banks are looking to use PSD2 to change their “strategic positioning”
- Suggest that banks play to their strengths and consider new business opportunities
- 4 key strategic opportunities emerge and banks indicate they are moving towards these:
- Bank as a Platform Aggregator (50%)
- Bank as a Aggregator (29%)
- Bank as a Platform (14%)
- Compliant player (7%)
- Prompt banks to think about
- What, and how much of a, role they wish to play in the open-banking environment
- Developing products and services which they believe are central to the bank, and reaching out to third party providers for additional services/products
- The reality:
- And at this stage, most banks just want to ensure PSD2 compliance and will wait and see which strategic direction they wish to move in
- PSD2 is seen as a “niche topic” at banks, and is not really getting top management level visibility, which in turn means that PSD2 does not feature in bank strategy discussions
PwC Finding 3- PSD2 Compliance and Strategy Best Practices
PwC suggest the following next steps:
- Compliance Best Practices:
- Recognise the Jan-2018 and Sept-2019 deadlines and plot out the necessary steps that will ensure PSD2 compliance
- PSD2 will change the customer journey and processes, understand the impact on the banks operating model
- Know what aspects of PSD2 are critical – for example SCA and the use of APIs
- Strategy Best Practices:
- Senior leaders need to understand the implications of Open Banking / PSD2 and use that to guide the banks strategy
- Strategic approach of the bank requires a small, forwarding thinking team – not the same team that is focusing on PSD2 compliance
- Compliance and Strategy teams need to work together so they are aligned
- PSD2 and the new era of Open Banking should be seen as an opportunity to implement and offer new business models/products/services and thinking of banking in a new and innovative way
Pingback: PSD2: move with the times or get out of the race - AccessPay