The implementation of an EU-wide Open Banking regulation was never going to be easy. There are technological complexities, old guard mindsets and the disparity of 28 banking industries to consider, among other issues. None of these are simple obstacles to overcome.
The PSD2 deadline passed two months ago, but these barriers still remain at the top of the agenda for both established and upcoming companies. Enforcing new technological infrastructure alongside legacy banking business models is – no surprises here – one of the toughest mountains to climb.
The collective woes of banks across the EU are embodied in the PSD2’s updated Strong Customer Authentication requirements, which are causing many headaches for industry players, even despite the lengthy extensions issued in many countries.
“The complexity of the implementation process, the technical requirements that came rather late, and the reactive approach by regulatory instances on what could and could not be done didn’t make it easy for us,” said Marc Lauwers, CEO of Argenta, Belgium’s 5th largest bank.
The ECB and national regulators saw events differently. Technological advancements, no matter how uncomfortable and costly they might be, are the agents of disruption – and disruption is the catalyst of competition. The pushback coming from legacy bankers was always going to be there. Getting old operators out of the way is the Sisyphean task of any regulator bent on enabling innovation.
“I noticed the signals in the [banking] lobby and the behavior of banks,” remembers Karel Van Eetvelt, CEO of Febelfin, Belgium’s federation of banks. “Banks didn’t like the idea behind PSD2, they wanted to stop it.”
Yet, the pitfalls of the digital age quickly dawned on bankers. Online fraud, money laundering, phishing scams and the rest of the malicious hacking toolkit have all proliferated as banking has become more digitized. Something had to be done, and given the reticence of traditional players, regulators had to force the issue.
“The shift came from the moment banks realized there was no way back. They understood PSD2 was inevitable. From that moment on, they started preparing themselves as fast as possible,” remembers Van Eetvelt.
This change was inevitable. The very foundation of the Open Banking movement is based on the rise of fintech and the integration of banking into the digital world.
“Finance and technology are being integrated. It is no longer either, or, but and. This is the critical change [that] we are seeing. FinTech is not Finance or Technology, but Finance and Technology,” writes Chris Skinner on his popular fintech blog, The Finanser.
“What I find interesting here is that the more open banks become, the more challenges they have,” he says. “Meanwhile, banks’ leaders, their regulators and the government are predominantly still stuck in financial regulatory circles and not in technology circles.”
The real winners of the PSD2 melee will thus be the banks that make the transition and begin to operate like technology companies, moving beyond just offering some digital services on the side. The rest better be ready for the history books.
Threats to Open Banking
The natural question to ask at the end of a chapter is, “What’s next?”
Done haphazardly, the SCA has the potential to alter public perception of the Open Banking environment. Poorly engineered new payment security gateways can cause needless friction, reduce usability and consequently deter customers from using digital banking altogether. When customers are prompted to share private financial data with such poorly constructed interfaces, their opinion of not just the specific company but Open Banking as a whole is tested.
This wide variety of possible user experiences could create dramatically different customer profiles – and not just across generations.
“I foresee some kind of schizophrenia in a society where you have the digital natives who embrace Open Banking and then the ones who tend to be more classical,” says Inge Ampe, CCO at Argenta. “We already notice this in our society now, it’s not so much old versus young, but it’s more the “openness”, different appetite, appetite for trust, appetite for the more global, cosmopolitan approach.”
Further fueling this divide is the numerous data scandals surrounding Google, Amazon, Facebook, Apple (GAFA) and other tech giants that regularly threaten the “openness” mindset. In a recent example, Amazon came under fire for using human technicians to listen to slices of conversations customers have recorded through their Alexa voice assistant, purportedly in an effort to clean up the AI’s ability to respond to commands.
These heavily publicized breaches of privacy corrode the Open Banking movement as well. If people decide that they no longer wish to share their data, this will become an existential challenge to the ethos at the very heart of Open Banking.
“I’m not sure all customers will be really happy with [sharing financial data] since people often choose to have different banks to keep certain data separated. It will be interesting to see what will happen,” remarks Lauwers.
“For many years we have been told that data is the new oil”, Lauwers continues, “so why would companies and individuals be so happy to give away this valuable asset?”
Despite the challenges and potential pitfalls, Open Banking is here to stay. And PSD2 is just the beginning.
This opens up a lot of questions. If we had a crystal ball to peer into the post-2020 future, what would the banking industry look like? How much will financial institutions integrate with technology? Will there be a PSD3?
Not all of those questions are answerable. But what we can safely say is that in the EU, PSD2 will foment an ecosystem ripe for innovation beyond payments and accounts. Already, there is a constellation of open API platforms being released by banks that promise to promote innovation and redefine how we bank.
Regional regulations will go global. What happens in Germany will soon be integrated into companies in Singapore.
The result is what some analysts call “Banking Everywhere”: the natural sequel to the PSD2 regulation and current Open Banking movement. In essence, “Banking Everywhere” would allow all modern finance services to be done remotely, integrated across the planet in a seamless global network – a truly open banking universe.
“It seems logical to me that once the landscape is established, there will be a broader user base and broader combinations. And that will create opportunities domestically and internationally,” says Lauwers.
Tackling the technically complicated barriers of the SCA may only be a matter of better harnessing the power of technologies that are now gaining mainstream visibility. This includes machine learning algorithms.
“Machine learning is vital to gaining more payment power under SCA — and good data is vital to machine learning. That’s a challenge for businesses that have historically stored data in disparate ways, data that is not necessarily formatted in a way that is ready to feed those machine learning models,” reports PYMNTS.com.
According to Eleveld at Ekata, preparing the old data for a new model is one of the most important projects for the payments sector. The companies that can achieve this the fastest are the ones that will likely prevail.
Banks may have initially complained about the additional costs of updating their technical security infrastructure, but part of their frustration has arisen from a genuine dearth of fintech partners out there who are ready to help them. In the forthcoming years, more fintech partners will be available to choose from, offering banks greater understanding of how to navigate the new inventory of technological solutions. The current lack of maturity among companies who could provide sandbox solutions, for example, will be a thing of the past.
There is a lot to look forward to. But we have to temper our expectations, be resolute in our mission and collectively define a long-term strategy for merging technological innovation with our traditional financial systems.
“I embrace PSD2, but [when I hear] voices from the European Commission saying they want to go further, beyond payments – and rather sooner than later – I get scared,” admits Van Eetvelt. “If you do this before fixing the security concerns, that is a crazy idea I think. We are not ready yet,” he says.
The slow and steady route has always been the most advisable. In the case of PSD2, it might just be the only viable choice. But only the fast, technologically-nimble players will make it to the next chapter unscathed.