With EU’s PSD2 (Payment Services Directive) March 2019 deadline looming, Zoya Malik spoke to Eran Vitkon, Open Platform Solutions Group Head, Finastra about the opportunities and challenges financial institutions must face in order to compete and remain relevant to their customers’ payments experience.
ZM: What’s your view on PSD2 impact on creating competition and consumer protection in the market?
EV: The original scope of PSD2 was to try and facilitate taking cash out of society by making electronic methods of payments easier. It also aims to put power into the end-user’s hands by allowing them to grant consent to any regulated third-party provider (TPP) to manage their account and initiate payments on their behalf.
The introduction of these new players into the market adds competition. TPPs, being significantly less regulated than banks, have the potential to be more agile and become the customer’s new channel. This puts pressure on banks to innovate and create value added services to attract consumers to their online service and differentiate themselves.
PSD2 also has the potential to increase competition between banks and credit card companies. The combination of Pay From Account and Immediate Payments is something very appealing to merchants, so much so that it’s even possible that they might incentivise consumers to opt for that payment option over credit card. From a consumer perspective, once the banking services are on par with what credit card companies provide in terms of financing options and online experience, then this shouldn’t be a hard sell.
Banks need to understand that the changes brought about by open banking go beyond just regulation. The enablement of open APIs allows banks to extend their services outside of bank applications. This is an opportunity, for example, to allow a car buyer to take an immediate loan at the car agency without going into the bank and without switching between applications. This allows banks to provide payment initiation services and exploit the tremendous amount of data in these payments to deliver a high level of personalisation to the consumer, while also improving big data analysis for the bank.
Banks recognise that PSD2 is both a retail and corporate banking opportunity and should develop use cases based on customers’ needs and pain points. In fact, in the responses to the initial thinking, corporates gave the EU the most feedback; more than citizens and banks put together.
ZM: How feasible is this for banks to invest and implement over 2019? What targets would they want to meet?
EV: For most banks the first milestone, and the one which is of the most immediate concern, is compliance with the PSD2 regulation. This will likely be their major focus well into mid-2019. That said, it should be evident to most banks that becoming a TPP and being proactive is the next logical steps. This is something we have seen the larger and more advanced banks already doing. As already regulated entities, banks will have less hurdles to jump to become a TPP compared to technology companies, but still have many other technology and business challenges to overcome on the road to compliance. Key to meeting these targets on time will be knowing which of these pieces should be done in-house and which will require partnering with an external technology vendor.
Open banking also requires a move to 24/7 operations and will mean banks must update their legacy systems to integrate with modern application programming interface requirements. Banks must also implement new security measures, given they may no longer own the channel.
Overall, there are two key end-user stakeholders here: the consumer and the corporate. Both have similar needs (access to account aggregation and initiation), but will be implemented very differently. The corporate side will be a major opportunity for closer system relationships between the bank and its customers.
ZM: How will this impact service providers to the industry? What are the opportunities and what will be the focus of their R&D and products?
EV: Some of the major areas where we see opportunities are:
-Value Added Services – Banks are spending lots of time and money on complying with PSD2 but providing only basic services will give them zero revenue benefits. Banks are keen to find additional products and services which can leverage this work and enable them to attract other banks’ customers and/or monetise them to gain revenue.
-Risk and fraud – Currently banks have the privilege of owning the channel which the customer is using, whether mobile or web, the bank has access to a rich set of data upon which they (through their service provider) can assess each interaction. In a post-PSD2 world these interactions may come from a third-party channel, and the data they are able to analyse will be drastically smaller. This creates a major challenge.
-User Experience – PSD2 introduces a lot of complexity and friction into consumer interactions with banks via TPPs. The constant authentication and authorisation requirements somewhat break the current online experience consumers have grown used to. Both banks and TPPs should invest in solutions to help mitigate this effect.
-Tighter integration – with the corporate’s line of business applications such as ERP, payroll and supply chain.
ZM: What conditions do banks need to partner with these service providers and what are the opportunities?
EV: First and foremost, banks should understand that the open API is a new channel and should be treated as a product. Technology vendors can help banks ensure all standards and security requirements are met in full compliance with the rule book. The bank’s own flavour comes in the ‘shape and colour’ of the APIs the bank chooses to expose. The bigger banks are mostly tackling PSD2 compliance internally, though we can expect that once PSD2 truly kicks in they will find that they have some loose ends which would be best tackled by a service partner. The real opportunities currently lie with smaller, local banks with smaller development bandwidths to handle the required changes. This will also apply for large foreign banks with small European footprints. These banks must comply with PSD2 as they service European customers but may not be well-versed in the regulation and what it entails. This is a prime opportunity for a partner to step in and provide its services. Smaller banks have greater opportunities to be disruptive despite their size. The opportunity for collaboration can help these banks innovate more quickly, rather than being dependent on in-house and organic capabilities like the bigger banks.
ZM: Are banks doing enough to educate their customers on open-banking new payment schemes?
EV: Banks are still educating themselves on this subject. Many of the emerging leading standards in Europe are still a work-in-progress, and there is still a lot of uncertainty between TPPs and banks regarding implementation approaches and operating models. There is some comfort in having customers that are not aware of the new open-banking payment schemes as it keeps the demand low for something new. However, if one of the big tech giants were to propose a significant service, that could change everything. It could lead to customers putting pressure on their banks to offer something similar. Think about mobiles. We had mobiles and were happy with them until Apple introduced the iPhone and changed customer expectations.
ZM: What’s important to control risk for banks and security and protection for retail and corporate customers of open-banking payments developments?
EV: As mentioned previously, TPP access to APIs is somewhat of a blind-spot for banks in terms of risk and affects both retail and corporate banks. Where corporate and retail diverge is mostly in the payment service user (PSU) authentication and authorisation. The introduction of the corporate as an entity and the need to support multiple levels of authorisations per action is something that is challenging. Initially PSD2 was seen as purely a retail initiative, as the innovation level in retail applications in terms of efficiency and usability is much higher, but slowly it has been realised that where PSD2 brings the most value is in corporate use cases. Though the challenge in implementation is significantly higher, banks are eager to do it as they know that the benefit to the corporates is much greater and corporate banking is where the revenue lies. Specification schemes have caught on to this as well and some now include support for corporate use cases in their latest specifications.
ZM: For Finastra, what new payment activities are offered to your clients?
EV: The combination of open banking along with instant payments is key, and we see it almost as one value proposition with very strong synergy. We also look at the value-added services (VAS) like Request For Pay, Pay Later and others as part of the core proposition. The basic Payments Initiation and Account Information is not good enough and will not fulfil the promise. Exposing all of these value-added services will allow fintechs to innovate and develop applications on top of these capabilities.
Our corporate-facing customers are keen to help their customers take friction out of their systems and become more agile. A combination of PSD2 and Open APIs can help here.
ZM: Which are Finastra’s clients and what are their requirements currently for new payments provision?
EV: The majority of our clients are starting with compliance, but also understand the need to widen their offerings to provide more advanced and comprehensive solutions. Because of this, banks are starting to look for open solutions which allow flexibility in adopting new services developed by third parties. Connecting to open ecosystems such as these is becoming more and more significant for banks. Other requirements we are seeing are in enabling data monetisation. Banks understand they are sitting on a gold mine when it comes to their data but are still unsure of how to monetise it. We are working with our customers to help them find the best way to monetise their data in the context of payments and beyond.
ZM: What is your advice to clients and partners going forward to upgrade their payment systems?
EV: Be open. The ability to open up a bank’s internal services to the outside world is critical in a world where open banking is becoming a reality. An open platform is the future proof solution for this environment: exposing services in an easy, standardised way, and allowing banks to onboard innovation quickly by consuming new services from partners at any scale. This will help banks to meet regulatory compliance needs, with the ability to move faster as open banking gains more traction. We also see value in the ability to provide an integrated solution, for example, solutions that can allow banks to pose more complex use cases combining payments with other Finastra products.
Here is an example: A car agency is selling cars. For those who need a loan, the car agency would propose an instant loan. The buyer would do the entire car loan initiation without going into the bank to complete the form/loan. The loan once given will call the payment initiation API periodically to pay off the loan.
ZM: What’s your view on trends in cryptocurrency payments and current market environment for future investor growth and consumer interest?
EV: For a long time, cryptocurrency was a solution looking for a problem. This is an emerging environment that still needs regulatory work before it really takes a major hold in payments. Nevertheless, one cannot ignore the benefits and value of this technology. This market is evolving and even if not yet matured, it is something to observe, trial and test. Key features in the maturity of this industry will be: security and speed while not compromising on the data being delivered. The winners will be those who are able to provide all three in one solution.