Is PSD2 really FinTech friendly?
Marc Lainez and Sélina Varsalona on the struggles for FinTechs in the context of PSD2
The revised Payment Services Directive (PSD2) updates and complements the European rules put in place by the first Directive. One of the main objectives is to improve the level playing field for payment service providers, including new players like FinTechs, as it establishes an Open Banking ecosystem: one where access to customer payment account data and the payments infrastructure of banks is “open” only upon customers’ consent and authorization.
Having access to the customer’s payment account and to the transaction details will boost the FinTech market. However, there is another side to the coin: PSD2 challenges both the banking industry and the emerging FinTech sector. We are interested in the challenges facing the FinTech sector, a sector where threats are turned into opportunities. But what are the real struggles for FinTechs? And how are FinTechs dealing with them? Will the FinTech market really see a significant boost thanks to the revised Directive?
We put these questions to Marc Lainez (co-founder of Ibanity and VP of Connectivity at Isabel Group) and Sélina Varsalona (Trifinance Business Manager - Belgium Financial Institutions).
It might be a good start to explain what the competitive advantages for FinTechs are.
Sélina: FinTechs are new players who seize opportunities due to the gap between the current offering of Financial Institutions and the actual customer’s needs. This is reflected in the proposed value-added services or creation of new digital financial products. FinTechs are able to answer the customer’s need thanks to their competitive advantages: they continuously innovate to survive and to grow, they move fast due to their lean & agile mindset and deliver efficient and digital processes.
Nevertheless, in the world of tomorrow, I believe strongly that both banks and FinTechs need each other in order to bring real and concrete value for their clients.
What does this mean in the PSD2 context?
Marc: Today, banks have something that FinTechs do not have: large volumes of customers. But what they do have is a different view on the typical customer journeys when doing banking activities. Before PSD2, the only way to truly deliver this new vision was through partnerships with banks or “alternative” methods such as screen scraping. What PSD2 offers is a leveling field and easier access to customers’ payment account data. FinTechs will then have less resistance to access the information they need to deliver innovative services to their customers. That is at least supposed to be the spirit of PSD2.
What are, or might be, the challenges from a business perspective?
Marc: The main problem will be gaining the trust of the banks’ customers. As we observed with the Facebook and Cambridge Analytica issue, making sure that the customer clearly understands what data will be used and for which purpose is crucial in delivering new financial services based on PSD2. Building that trust will not be easy for FinTechs.
Sélina: Another challenge from a business perspective is the fact that banks show some resistance towards FinTechs acting as TPPs due to the different levels of risk appetite. Nowadays, some banks (still) seem to be resistant towards FinTechs, especially to open their customers’ data to them as it might imply a higher risk of cyberattacks. Therefore, it is crucial for FinTechs to illustrate the implementation of appropriate organizational and technical measures in order to gain sufficient trust from banks. Especially when it is clear that cyber security will become an even greater threat in a more complex ecosystem resulting in a big challenge for Financial Institutions including FinTechs.
An even more important point I would like to add is the mindset of some banks. There is still a certain fear sensed within some banks of losing their competitive advantage when opening their back-end systems in a PSD2 context. And you cannot blame them: open banking implies a huge, even a revolutionary, change for banks; not only system-wise, process-wise, regulatory-wise, but it especially implies a change in their mindset. A big challenge will be to grasp the opportunities at the right moment by leveraging on regulations like PSD2.
As a start-up working in a highly regulated environment, what are the challenges from a compliance point of view?
Sélina: A FinTech that acts as a TPP and that wants to obtain direct access to the payment service user’s data is bound to comply with different laws and regulations. The three main regulations in the context of payment services are PSD2, AML and GDPR. Each regulation gives rise to its own particular challenges, so the implementation of each one of them has proven to be a highly complex task. Especially when there are discrepancies between the regulations.
The five main compliance-related challenges that should be looked at are the following ones:
- Defining who the data gatekeepers are as we are moving more and more towards a data-sharing economy
- Capturing and managing the consent and authorization of the payment service user
- Managing the transferred payment and personal data in a safe and secure way
- Defining accountability, especially because PSD2 does not require a contractual relationship between banks and Third Party Providers. This implies that FinTechs acting as TPPs should also guarantee an appropriate level of data security
- Assessing and setting up the relevant AML processes and controls at the right moment of the PSD2 chain
Another non-trivial element that we should bear in mind is the fact that new regulations seem to be lagging behind the market. This results in legal requirements for FinTechs and banks that are just too heavy as they are not adapted to the market trends and not really fostering an innovation-friendly environment.
Does this mean, given the challenges, that FinTechs are advised to weigh their partnerships options?
Marc: More regulation means more rules to follow. Therefore, FinTechs will try to do what every start-up does: choosing the path of least resistance. If they find a bank integration option that is cheaper and faster than implementing all by themselves, most will favor that option. That’s the value proposition of most API aggregators. Some Third Party Providers will invest the time and the money to integrate with all the banks they would like to reach, but the core business of most FinTechs is not bank integration. It is to deliver added value on top of said integrations. Today, banks don’t make the life of Third Party Providers easy, and it will probably take a few years to get to this point, even with globally adopted standards.
Sélina: Also from a compliance perspective, collaboration with aggregators or big Third Party Providers could be an option for FinTechs in order to outsource compliance-related processes. However, this does not mean that FinTechs can ignore their minimum requirements as they remain accountable. Therefore, it is important to find the right balance when outsourcing processes. And roles and responsibilities of both parties should be documented properly.
API aggregators solve the complexity of TPPs integrating with banks in an open-banking world
Source: Ibanity, Business Unit within Isabel Group (www.ibanity.com)
If we could predict the future, where will FinTechs, operating in the PSD2 environment, be in 10 years?
Sélina: This is a difficult exercise especially because the financial world seems to change faster and faster. First, I think PSD2 will probably be replaced by PSD3 or PSD4. Additionally, Financial Institutions will evolve as providers of new types of services such as Payment Initiation Services and Account Information Services. Moreover, the banking world will become more complex which brings new challenges for the regulators: I predict that regulatory bodies will also transform internally at an organizational level to meet the demands of FinTechs and Banks in a lean and agile manner. So that they are moving at the same pace as the market. There is still a long way to go but hey… Rome was not built in one day.
Marc: Indeed it’s a tricky exercise to predict the future and most fail at it. I agree that PSD2 will be updated by another Directive and will be complemented by additional laws and regulations. My guess is that in 10 years, we will have fewer banks in Europe. Some will disappear or be bought by larger groups that will aggregate financial services from each other and from FinTechs.
From a customer perspective, the concept of “money” will probably change as well and the balance on a bank account will be less relevant. Instead, people will want to achieve goals, in the short term and the long term. There will be frictionless and immediate feedback on questions like “can I afford this item?”. For instance, you’d take a picture with your phone of a car you see passing in the street and an app could tell you that yes, you can afford it if you take a loan in any of the proposed institutions with a suitable rate. It could also propose alternative cars that match your request, while staying within your acceptable budget if no solution could be found for that one. Banking will not be just about money anymore, but will be an integral part of any customer journey. Now, you can put that quote in a time capsule and call me back in 10 years to see if I was right, that would be fun.