How Ready are Banks for the PSD2 Regulation by PwC 1

With just over a month to go till PSD2 (Payments Services Directive) comes into effect, there is a lot of buzz about the upcoming regulation. In this post i summarise what i learnt from the PwC report on bank PSD2 readiness: Waiting until the Eleventh Hour. Even though the PwC study is a couple of months old, I’m guessing their general findings are still about right. Check out the PwC report for full details.

What is the PSD2 Regulation?

Check out my posts: 5 Things You Need to Know about PSD2 and Probably the Best PSD2 Infographic in the World. PwC describe PSD2, the revised Directive on Payment Services in Europe as a regulation that enables simpler, quicker and more secure payments by:

  • Encouraging innovation by TPPs – Third Party Payment Service Providers
  • Increasing payment security using SCA – Strong Customer Authentication
  • Standardising payment systems and processing across Europe

How will PSD2 deliver Innovation, Enhanced Security and Standardisation?

  • Innovation by introducing new providers:
    • ASPSP – Account Servicing Payment Service Providers
    • AISP – Account Information Service Providers
    • PISP – Payment Initiation Service Providers
  • Standardisation by establishing transaction fee limitations and specific rules around refunds
  • Mandating that European banks allow third party providers to access their payment infrastructures and customer data
    • To state the blinding obvious, this is the big one that tech companies are getting excited about – the banks, less so

What’s Next in the PSD2 Timelines?

  • 21st November 2017 – SEPA Instant payments went live across the euro-zone
  • 13th January, 2018 – all EU member states must implement PSD2 into their national law/regulation – PSD2 Go Live
    • PwC describe this as the date “when banks’ monopoly over customer account information and payment services will cease
  • September 2019 – PSD2 security measures indicated in the RTS (Regulatory Technical Standards) will go live – this part of PSD2 requires the:
    • Implementation of Secure Customer Authentication (SCA)
    • Provide third party providers Access To their customers Accounts (XS2A)

PwC Finding 1 – Oh isht, the Banks are NOT Ready!


  • Warn “The world is going to change radically for banks after January 2018 – but given the lack of readiness at many banks you wouldn’t know it
  • Highlight that most banks recognise that PSD2 will impact all areas of the bank, and will require new technology
  • At the beginning of the year banks were:
    • 38% in the Assessment stage
    • 47% in the Design phase
    • 9% in the Implementation phase
    • Although a recent (not sure when) catch up highlighted that most of the bigger banks were moving into the Design and Implementation phases
  • Remind us that 2018 will be a busy year with both the PSD2 Regulation and GDPR (General Data Protection Regulation) coming into force, and the complex dependencies each new regulation has on another
  • “Open Banking” is new territory folks, banks have not historically given third parties access to their payment rails or shared customer data using APIs (Application Programming Interfaces)
    • PwC propose that only 47% of banks are involved in open-banking
  • Advise banks to prepare an appropriate strategy to prevent themselves or portions of their business from being eaten up by customer focused third-party providers

PwC Finding 2- PSD2 Will Enable New Opportunities for Banks, but Not Yet!

The PwC study:

  • Found that 2 out of 3 banks are looking to use PSD2 to change their “strategic positioning”
  • Suggest that banks play to their strengths and consider new business opportunities
  • 4 key strategic opportunities emerge and banks indicate they are moving towards these:
    • Bank as a Platform Aggregator (50%)
    • Bank as a Aggregator (29%)
    • Bank as a Platform (14%)
    • Compliant player (7%)
  • Prompt banks to think about
    • What, and how much of a, role they wish to play in the open-banking environment
    • Developing products and services which they believe are central to the bank, and reaching out to third party providers for additional services/products
  • The reality:
    • And at this stage, most banks just want to ensure PSD2 compliance and will wait and see which strategic direction they wish to move in
    • PSD2 is seen as a “niche topic” at banks, and is not really getting top management level visibility, which in turn means that PSD2 does not feature in bank strategy discussions

Source: PwC – Waiting until the Eleventh Hour European banks’ reaction to PSD2

Thanks for stopping by – Take a look around…!!

PwC Finding 3- PSD2 Compliance and Strategy Best Practices

PwC suggest the following next steps:

  • Compliance Best Practices:
    • Recognise the Jan-2018 and Sept-2019 deadlines and plot out the necessary steps that will ensure PSD2 compliance
    • PSD2 will change the customer journey and processes, understand the impact on the banks operating model
    • Know what aspects of PSD2 are critical – for example SCA and the use of APIs
  • Strategy Best Practices:
    • Senior leaders need to understand the implications of Open Banking / PSD2 and use that to guide the banks strategy
    • Strategic approach of the bank requires a small, forwarding thinking team – not the same team that is focusing on PSD2 compliance
    • Compliance and Strategy teams need to work together so they are aligned
    • PSD2 and the new era of Open Banking should be seen as an opportunity to implement and offer new business models/products/services and thinking of banking in a new and innovative way


One comment on “How Ready are Banks for the PSD2 Regulation by PwC

  1. Pingback: PSD2: move with the times or get out of the race - AccessPay

Leave a Reply




This site uses Akismet to reduce spam. Learn how your comment data is processed.