How Ready are Banks for the PSD2 Regulation by PwC 1

With just over a month to go till PSD2 (Payments Services Directive) comes into effect, there is a lot of buzz about the upcoming regulation. In this post i summarise what i learnt from the PwC report on bank PSD2 readiness: Waiting until the Eleventh Hour. Even though the PwC study is a couple of months old, I’m guessing their general findings are still about right. Check out the PwC report for full details.

What is the PSD2 Regulation?

Check out my posts: 5 Things You Need to Know about PSD2 and Probably the Best PSD2 Infographic in the World. PwC describe PSD2, the revised Directive on Payment Services in Europe as a regulation that enables simpler, quicker and more secure payments by:

• Encouraging innovation by TPPs – Third Party Payment Service Providers
• Increasing payment security using SCA – Strong Customer Authentication
• Standardising payment systems and processing across Europe

How will PSD2 deliver Innovation, Enhanced Security and Standardisation?

• Innovation by introducing new providers:
  • ASPSP – Account Servicing Payment Service Providers
  • AISP – Account Information Service Providers
  • PISP – Payment Initiation Service Providers
• Standardisation by establishing transaction fee limitations and specific rules around refunds
• Mandating that European banks allow third party providers to access their payment infrastructures and customer data
  • To state the blinding obvious, this is the big one that tech companies are getting excited about – the banks, less so

What’s Next in the PSD2 Timelines?

• 21st November 2017 – SEPA Instant payments went live across the euro-zone
• 13th January, 2018 – all EU member states must implement PSD2 into their national law/regulation – PSD2 Go Live
  • PwC describe this as the date “when banks’ monopoly over customer account information and payment services will cease“
• September 2019 – PSD2 security measures indicated in the RTS (Regulatory Technical Standards) will go live – this part of PSD2 requires the:
  • Implementation of Secure Customer Authentication (SCA)
  • Provide third party providers Access To their customers Accounts (XS2A)

PwC Finding 1 – Oh isht, the Banks are NOT Ready!

PwC:

• Warn “The world is going to change radically for banks after January 2018 – but given the lack of readiness at many banks you wouldn’t know it“
• Highlight that most banks recognise that PSD2 will impact all areas of the bank, and will require new technology
• At the beginning of the year banks were:
  • 38% in the Assessment stage
  • 47% in the Design phase
  • 9% in the Implementation phase
  • Although a recent (not sure when) catch up highlighted that most of the bigger banks were moving into the Design and Implementation phases
• Remind us that 2018 will be a busy year with both the PSD2 Regulation and GDPR (General Data Protection Regulation) coming into force, and the complex dependencies each new regulation has on another
• “Open Banking” is new territory folks, banks have not historically given third parties access to their payment rails or shared customer data using APIs (Application Programming Interfaces)
  • PwC propose that only 47% of banks are involved in open-banking
• Advise banks to prepare an appropriate strategy to prevent themselves or portions of their business from being eaten up by customer focused third-party providers

PwC Finding 2- PSD2 Will Enable New Opportunities for Banks, but Not Yet!

The PwC study:

• Found that 2 out of 3 banks are looking to use PSD2 to change their “strategic positioning”
• Suggest that banks play to their strengths and consider new business opportunities
• 4 key strategic opportunities emerge and banks indicate they are moving towards these:
  • Bank as a Platform Aggregator (50%)
  • Bank as a Aggregator (29%)
  • Bank as a Platform (14%)
  • Compliant player (7%)
• Prompt banks to think about
  • What, and how much of a, role they wish to play in the open-banking environment
  • Developing products and services which they believe are central to the bank, and reaching out to third party providers for additional services/products
• The reality:
  • And at this stage, most banks just want to ensure PSD2 compliance and will wait and see which strategic direction they wish to move in
  • PSD2 is seen as a “niche topic” at banks, and is not really getting top management level visibility, which in turn means that PSD2 does not feature in bank strategy discussions

Source: PwC – Waiting until the Eleventh Hour European banks’ reaction to PSD2

PwC Finding 3- PSD2 Compliance and Strategy Best Practices

PwC suggest the following next steps:

• Compliance Best Practices:
  • Recognise the Jan-2018 and Sept-2019 deadlines and plot out the necessary steps that will ensure PSD2 compliance
  • PSD2 will change the customer journey and processes, understand the impact on the banks operating model
  • Know what aspects of PSD2 are critical – for example SCA and the use of APIs
• Strategy Best Practices:
  • Senior leaders need to understand the implications of Open Banking / PSD2 and use that to guide the banks strategy
  • Strategic approach of the bank requires a small, forwarding thinking team – not the same team that is focusing on PSD2 compliance
  • Compliance and Strategy teams need to work together so they are aligned
  • PSD2 and the new era of Open Banking should be seen as an opportunity to implement and offer new business models/products/services and thinking of banking in a new and innovative way