Open Banking and PSD2 Implementation Challenges. Interview with Bob Lyddon

In this issue of our FinTech series, we invited Bob Lyddon, an expert in payments and cash management, to talk about Open Banking and Payments Services Directive 2.

Open Banking is a relatively new term related to initiatives that aim to improve customers’ banking experience by using open banking data, such as information about products and services and personal transactional data. The idea is that data can be securely shared using open APIs with third party providers. These in turn would build useful applications that will make financial management intuitive and easy.

New offerings might include better cash management, with the ability to easily move money between different accounts or make payments from accounts at several banks in one mobile app. New budgeting apps would give consumers better control of their spending and offer comparison and switching services to help them compare and identify the products best suited to them. Alternatively, apps could provide customers with a personalised service linked to their current financial situation. 

The key objectives of open banking are to boost competition, stimulate digital innovation, reduce costs to consumers and improve efficiency, without undermining customer data protection. 

There are two major regulatory pieces that are currently being implemented in the UK.

First is an order from the Competition and Markets Authority (CMA) which requires the nine largest current account providers to make the following data available to authorised third parties: 

•      Standardised product and reference data;

•      With customer consent, secure access to specific current accounts in order to read transaction data and initiate payments .

Further guidelines on how this could be achieved are provided by the Open Banking Standard, which was developed by the Open Banking Working Group, formed back in 2015 at the request of HM Treasury.

The second piece operates at the EU level - Payments Services Directive 2 (PSD 2). The main purpose of the PSD2 is to encourage new players to enter the payment market. It does this by mandating banks to “open up the bank account” to external parties, provided that the consumer gives explicit permission. The draft guidelines called Payment Services Regulations were published by the Treasury in February 2017 and are due for implementation in January 2018.

According to Bob Lyddon, these EU objectives are intended to prepare the EU for the digital economy, perfecting the single market in financial services, which also means underpinning the Euro, and making sure that the currency is fully embedded in all types of retail payments – card, direct debits, electronic payments, etc. The UK agenda, on the other hand, is intended to ensure that it will have coherence of law before and after Brexit. It is expected that EU regulations and directives will be enacted and retained after Brexit. Another objective is to open up banking here in the UK, particularly for consumers and SMEs, beyond what is called the stranglehold of the big 5 banks.

As defined by Bob, these initiatives aim to transform the payment business from being vertically integrated to horizontally integrated. Vertical integration means that big banks own the entire value chain, directly or through “puppet” organisations: they own the channel through which the customer interacts with the banks, the processing of payments, communication channels between the banks and clearing systems, and the clearing systems themselves. For example, the clearing infrastructure system is owned by Vocalink, the clearing systems schemes are owned by organisations such as BACS Payments Schemes Limited and Faster Payments Limited, the shareholders of which are all big banks. The aim, therefore, is to become a horizontally integrated system, where each layer is an area of competition in its own right. The only pieces that would remain the preserve of banks are those where prudential regulation is needed – deposit taking and final settlement of clearing. Everything else - the processing, the clearing systems - can be owned by non-banks. You can also have channels for customer to access the bank, which are operated by third parties rather than banks.

While technology companies are eagerly looking forward to the opportunities which open banking and PSD2 could allow them, implementation standards show that the data which would be available is rather fragmented and would not be as comprehensive as FinTech companies are hoping for. 

What is more, the incumbent players are not quite ready to enforce compliance. There is confusion about the scope and detail of the data to be shared and about what parts of these two regulations are mandatory or not. 

As yet, there is no message book designed to convey data which has never before been exchanged with third parties (neither in the SWIFT world nor in more recent standards such as ISO 20022).

There is an overall lack of market practice with regards to what would be reasonable operational demands for the data exchange (what data, how much, how often, etc). 

Many established players are burdened by legacy systems which just don’t provide the flexibility required, and which would be costly and time-consuming to configure for the new requirements. 

Furthermore, concerns about client data protection and questions around data ownership are at the top of the agenda, often used as a tool to lobby against Open Banking initiatives.

In addition, as our guest speaker Bob Lyddon highlighted, data protection is not just an issue for the incumbents: third parties, who would consume shared data, are probably not sufficiently concerned about the risks of mishandling client data, all of which could lead both to significant fines and irrevocable damage to their reputation.

Finally, the ironic thing about the PSD 2 regulation is that it does not make a distinction between incumbents and new entrants. There are a number of young organisations, such as e-money institutions, payment institutions and challenger banks, who are also subject to this regulation and who will also need to open up their data to other third data providers. 

While Open Banking and PSD 2 are facing implementation challenges, the most important question is whether consumers in the UK are ready to open their financial transactional data to third party providers. Will the benefits of new service propositions outweigh the loss of your privacy? 

A poll of over 2000 adults conducted by YouGov on behalf of the credit referencing agency Equifax revealed that 90% of Brits have not heard of the Open Banking initiative. When asked about sharing personal data through Open Banking, 60% of the poll said they would not consent to this. Consumers’ concerns about data being shared included security (67%), and that third parties would be able to contact them (62%). (source: FinExtra)

Only time will tell whether the brave new world of FinTech companies will be able to change this perception. Dedicated focus on innovation that solves consumers’ problems, rather than designing new push products, might do the trick. 

Watch our full interview with Bob Lyddon to learn more about these important initiatives.