However, just as Apps have changed how we interact with each other in our lives today, PSD2 (Payment Services Directive 2) and APIs (Application Programming Interfaces) are about to change how we interact with banks and how they operate. Just as third party Apps on your phone can access location, contacts and photos, so too will your chosen Apps for buying goods and managing your money be able to access account information.
PSD2, which comes into force at the start of 2018, introduces two new concepts:
I. PISPs: Payment Initiation Service Providers - Providers will (once allowed by the user) have direct access to bank accounts and enable direct online payments from the bank account without the need for a card.
II. AISPs: Account Information Service Providers – Providers will provide customers with a consolidated view of all their bank accounts (e.g. mortgage, life insurance, current accounts, pension) with a single login.
The implications for banks are:
Enhanced Competitive environment:
• Banks will be more open to competition from non-bank entities and the large number of disruptors in the market.
• The monopoly that banks had on customer data and account information will be eroded.
• The cross-sell opportunities that banks had for other products, given full access to data, will be reduced.
• Banks will need to strategically think about what business they want to carry out and how they’re going to differentiate themselves.
• There are complex challenges ahead to enable the banks' systems and infrastructure support this API-led environment
• The expensive account opening (AML/KYC), account management and account maintenance may be all that remains with the bank with all other services being done through other parties’ APIs.
However, it won't all be a "free-ride" for the disruptors as a number of rules within PSD2 mean that they will also have to change their operations.
The implications for competitor disruptors are:
Increase regulatory scope:
• One-leg transactions for cross-currency payments outside of the EU are now in scope.
• Any breaches must be reported directly to the regulators adding a layer of organisational complexity.
• Introduction of two-factor authentication based on at least two of the following elements: knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).
• The European Banking Authority (EBA) is developing guidelines to establish the minimum funds to be held by:
• PISPs to ensure they can cover liabilities from their transactions;
• AISPs against potential liability from unauthorised or fraudulent access to account information.
To manage the implications of PSD2 and reduce the disruption, banks must look to address the implications whilst leveraging their market position in order to compete effectively. Managed well, the new services under PSD2 can be a clear market differentiator and additional revenue stream for retail banks in the years to come.