The PSD2 RTS and Open Banking in the EU


Until recently, banks were closed ecosystems. Even when the customer wanted to share information with third-party providers, the process was often a slow and cumbersome. This limited both the choice available to consumers and the scope for innovation in financial markets.

Open Banking is aimed to change this. In theory, the consumer has complete autonomy and control over their own financial data. With access to this data, third-party providers can offer a range of innovative services that give consumers more choice and better value.

In its original form, the draft PSD2 Regulatory Technical Standards (RTS) threatened to undermine Open Banking in the EU. Fortunately, the European Commission made some essential changes. However, these do not go far enough and the EBA is now pushing back, even behind their previous position.

The crucial functionality of basic access and the RTS

For the past 15 years, PISPs (Payment Initiation Service Provider) were able to initiate payments and mitigate the risk of non-execution by non-real-time banks, which are still the majority, by verifying relevant customer data such as excess balance, overdraft and 30-day transaction history, before providing a sufficiently reliable “success message” to the merchant within seconds, i.e. well before the payment is being executed – or not. The RTS is not specifying this and the banks are refusing to provide such data via basic access. Instead they want to sell an execution guarantee as a value-added service. However, from the customer’s perspective, it is crucial that the merchant gets a realtime confirmation to ship the purchase right away.

Similarly, AISPs (Account Information Service Providers) currently offer consolidated views of all accounts a customer has, whereby PSD2 covers payment accounts only. In the absence of clarity within the RTS, banks want to deny future access to non-payment accounts, which would make AIS non-attractive to consumers.

Therefore, to continue real-time PIS and valuable AIS, it is crucial that customer-permitted direct access via the bank’s customer-facing online banking interface by properly identified PSD2-licensed TPPs (Third Party Providers) can continue. Banks are not willing to ensure this via the dedicated interfaces the RTS entitles them to provide instead of giving direct access.

Is there a workable compromise now?

The good news is that the European Commission listened to all market participants (fintechs and banks) to find an acceptable compromise. The new proposal still specifies that third parties should access customer accounts through an API provided by the banks for that purpose. But, if that API stops working or does not provide the same level of service as the customer interface, fintechs may now — as a fallback — use that customer interface once again.

This removes the over-reliance on the banks’ good will. Even if the API for third parties is not well maintained, the customer interface will be, because banks have an obvious self interest in providing a good customer experience. But, while this revision is a step in the right direction, it does not solve all the problems with the RTS and, driven by the bank’s resistance, the EBA has since rejected this fallback proposal by the EC altogether.

What issues are still overlooked?

The biggest issue is that the RTS must provide sufficient clarity that a fallback is allowed not only for downtime of the API, but also if the provided data is insufficient or not accurate enough for real-time PIS and valuable AIS.

To avoid endless arguments and disputes, the banks’ free choice of providing dedicated interfaces or not, should be complemented by the TPPs’ free choice of using them. This would incentivise both the creation and the use of good APIs and avoid inefficient regulation and policing in the middle.

In this case, banks would still be free to offer execution guarantees as a value-add, but the pricing of such an interchange-like charge would then be in competition with the TPP’s alternative of providing their own risk mitigation instead, like they do today.

This is why direct access is so essential for innovation, commercial efficiency and a good customer experience.

For a full explanation of what still needs to change in the RTS, read the statements by the Future of European Fintech Alliance.

The article and more information about PSD2 & Open Banking can be found in the Open Banking & API report 2017 by The Paypers!