PSD2: Regulation, Strategy, and Innovation: PART I
This four part article will explore and provide analysis into how Banks, Financial Institutions, FinTech firms and RegTech firms are failing to capture strategic and commercial advantage through insight into the opportunities arising from the impact of revised Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) implementation. This article will highlight how firms are failing to recognise these opportunities and are not effectively preparing themselves for the upcoming landscape, but are instead choosing to adopt a ‘wait and see’ approach.
Strong Customer Authentication
Across the European Union (EU) the original revised Payment Services Directive (PSD2) Strong Customer Authentication (SCA) final implementation date of 14th September 2019 has now been delayed by the European Banking Authority (EBA). It was previously noted that those in breach of the SCA law would have to provide a fallback mechanism (i.e. direct access) which was a costly investment on top of the dedicated interface, so Third Party Providers (TPPs) would have another way of accessing accounts and performing payment initiation services (Tink, 2019). Tink (2019) noted that:
“These penalties are severe because the banks who don’t comply are essentially inhibiting TPPs from offering aggregation and payment initiation services – and bank customers from taking advantage of these services. And because once it was decided this was the direction we were all going with PSD2 – toward better consumer protection, more innovation and more competition – we all became dependent on each other to get there.”
In the United Kingdom (UK) the financial services regulatory body, the Financial Conduct Authority (FCA), has now confirmed that they will delay full implementation until 14th March 2021 in order to allow time for businesses to create mitigation plans. In addition, the FCA in conjunction with UK Finance, has developed a rollout plan with staged compliance points ranging from 14th September 2019 to 14th March 2021. The extended grace period of 18 months is only applicable to any payments that are taken from within the UK, which means that if UK businesses collect cross-border payments from other countries within the European Economic Area (EEA), the SCA rules applicable to those particular EEA countries will apply.
Although for many businesses, this extended grace period will provide some much-needed breathing space, the envisaged harmonised and streamlined implementation of the PSD2 framework across the EU is now no longer in the works. Indeed, even as far back as March 2019 statistics from a survey of 442 European banks carried out by Swedish open banking platform ‘Tink’, highlighted that close to half of banks (41%) surveyed, had failed to meet the PSD2 deadline for the provision of a testing environment (i.e. sandbox) for TPPs (Finextra, 2019a).
The survey had covered 10 markets across the EU, and whilst countries such as Belgium, Finland, Germany, and Sweden all had high compliance rates above 80%, other countries such as Denmark, France, Norway, and Spain all featured lower compliance rates below 50% (Finextra, 2019a). Other countries such as the Netherlands (67%) and the UK (64%) featured compliance rates in between these two extremes.
Market Research and PSD2 New Strategic Opportunities
The widespread failures to meet such implementation deadlines highlighted, not only the sizeable burden being placed on banks to meet such tight technological implementation deadlines, but also the potential subsequent disruption to various open banking platforms and services that had been caused owing to the missed deadlines (Finextra, 2019a). In practice this has precipitated a strategic free-for-all for banks and new TPPs as the new pan-European PSD2 payments market is now up for grabs. Those banks and new TPPs that have been able to meet technological deadlines, and are eager to implement advanced PSD2 strategic initiatives in order to capitalise on first mover advantages, are leading the PSD2 pack.
In fact, Swedish Personal Finance Management (PFM) platform Tink completed a €56 million investment round in February 2019 as it prepared to roll out its business out to five new European markets (Austria, Belgium, Germany, Spain, the UK) in order to take advantage of new Open Banking rules (Finextra, 2019b). In practice, Tink is aggressively expanding its growth, and is not only set to double its European staff to 300 full-time employees by opening four new offices, but it is also set to expand its European connectivity across 20 European markets by the end of 2019 (Finextra, 2019b).
Market research has also identified the huge need for PSD2 firms to implement highly comprehensive and well-researched strategic plans, in order to capitalise on PSD2 framework developments across the EU in a timely manner. For example, a new study by ING was carried out among 1,500 Dutch citizens as part of its half-yearly Digital Monitor (Touchtech Payments, 2019). At the time the study showed that the EU’s PSD2 framework was still unknown to 82% of the Dutch population (Touthtech Payments, 2019). Before the respondents were informed of PSD2, 67% held a “negative” or “very negative” perception. This demonstrated that PSD2 firms need to think far, far beyond technological developments, and in addition need to concentrate on longer term adaptation and educational strategies for new customers in potential new markets.
Indeed, much more than that, such operational strategies need to be specifically researched and segmented, not only for individual EU countries, but also for demographic segments across those individual EU countries. For example, it was noted that:
“…after respondents were explained what PSD2 is, almost half (46%) said they would be glad to avail of the new payment services that will be made possible by the directive. The number of respondents under the age of 34 who plan to use the services unlocked by PSD2 was nearly 40% higher than for the population overall” (Touchtech Payments, 2019).
This type of finding would suggest that PSD2 firm strategies in the Netherlands should focus on a segmentation approach whereby a specific target population (i.e. 18 > AGE < 34) would form the primary target which needs, not only to be continually educated and prepared on PSD2 developments, but also potentially ‘acclimatised’ to future PSD2 initiatives, offerings, and services to be offered by specific PSD2 firms.
In addition, it was found that once PSD2 had been explained to the respondents, many of the respondents responded positively to the envisaged changes, with many respondents showing enthusiasm for a number of new proposed services, such as: (1) consolidated payment accounts (29%); (2) viewing all balances in one place (28%); (3) using savings applications (Apps) (26%); (4) using household Apps for payments and credit cards (25%); and (5) making online purchases without credit cards (21%) (Touchtech Payments, 2019). This kind of research highlights the significant benefits to be gained from PSD2 strategic initiatives that are grounded in jurisdictional and demographic research, as specific offerings by PSD2 firms can be specifically tailored to efficiently align with the anticipated demand that has been deduced from PSD2 field research.
[TO BE CONTINUED]
Deloitte (2018). Baby steps, but no giant leap: PSD2 at six months old. Deloitte LLP.
Dhami, I. (2018). Open Banking and PSD2: Disruption or Confusion? (31stJanuary), Security Intelligence, [Online], Available at: https://securityintelligence.com/open-banking-and-psd2-disruption-confusion/.
Dunlop, A. (n.d.). Open Banking and PSD2: A confused roadmap to innovation. PaysafeGroup.
FICO (2018). Risk & Compliance. (5thJune), [Online], Available at: https://www.fico.com/en/newsroom/swedes-confused-about-psd2-changes-to-payments.
FICO (2019). FICO Survey: UK Consumers Could Thwart Strong Customer Authentication. (31stJanuary), [Online], Available at: https://www.fico.com/en/newsroom/fico-survey-uk-consumers-could-thwart-strong-customer-authentication.
Finextra (2019a). 41% of banks missed PSD2 deadline says survey. (21stMarch), [Online], Available at: https://www.finextra.com/newsarticle/33569/41-of-banks-missed-psd2-deadline-says-survey.
Finextra (2019b). Sweden's Tink aims for pan-European coverage with €56 million in funding. (7thFebruary), [Online], Available at: https://www.finextra.com/newsarticle/33334/swedens-tink-aims-for-pan-european-coverage-with-56-million-in-funding/retail.
GoCardless (2019). Security vs. convenience in the payment experience. What matters most to online shoppers.
Koić, M (2019). Breaking the bank: how financial institutions can embrace disruption. (5thMarch), The New Economy, [Online], Available at: https://www.theneweconomy.com/strategy/breaking-the-bank-how-financial-institutions-can-embrace-disruption
Tink (2019). What a missed PSD2 deadline says about the challenge of implementation. (21stMarch), [Online], Available at: https://tink.com/blog/2019/3/20/psd2-sandbox-status.
Touchtech Payments (2019). European citizens and banks still unclear over PSD2 provisions. (8thFebruary), [Online], Available at: https://medium.com/@touchtech/european-citizens-and-banks-still-unclear-over-psd2-provisions-f62daeb4220a.
Virdi, T. (2016). PSD2: One of the biggest disruptions in banking for decades. (26thJanuary), Global Banking & Finance Review, [Online], Available at: https://www.globalbankingandfinance.com/psd2-one-of-the-biggest-disruptions-in-banking-for-decades/.