Following the European Commission‘s recent review of the Payment Services Directive 2 (PSD2), which concluded on 5 July, many in the industry are seeking an answer to the question: where does open banking go from here?
In light of the review, Andrei Cazacu offers The Fintech Times a comprehensive answer to this question.
Cazacu is the EU policy lead for TrueLayer. Before joining the open banking platform, Cazacu was a senior policy manager at the US Chamber of Commerce‘s affiliate in the UK, covering UK-US financial regulatory dialogues, data protection, and cross-border data transfers. He also worked as a public affairs consultant in Brussels.
Here, Cazacu explains why a common standard for Europe doesn’t guarantee API consistency, but how focusing on open banking implementation might:
Following a recommendation from the European Banking Authority, the industry is now debating whether introducing a single API standard is the key to reducing fragmentation and improving open banking.
Before we dive into that it is important to recognise that PSD2 has been transformational in several ways:
- PSD2 began levelling the playing field: By supporting dedicated interfaces to initiate payments on behalf of consumers, PSD2 lowered the barriers to entry for new providers. After open APIs were introduced by banks, there was a sharp increase in market entry. Today, there are more than 500 authorised companies providing open banking services to customers all over the EU, up from only a handful before PSD2.
- PSD2 has stimulated innovation: PSD2 brought together AIS – access to transaction data – and PIS – the ability for third parties to initiate a payment. This has led to an explosion of innovation, where businesses can combine payments with data to create powerful use cases, from user verification and affordability checks to seamless customer onboarding.
- PSD2 has made payments safer and more secure: Where PIS payments are used to pay businesses, they can replace manual bank transfers and prevent misdirected payments and scams. From the very beginning, open banking payments were required to use Strong Customer Authentication (SCA) for initiation, making them hard to target for fraudsters.
But experience has shown that defining a common API standard doesn’t guarantee API consistency, and may not be the right way forward for the EU’s open banking ambitions. When considering where we go from here, we need to consider three critical questions:
- Do we need a single API standard in the EU?
- Will the rules be applied more consistently?
- Will we finally have borderless instant payments?
Do we need a single API standard?
A big debate is whether the European Commission should recommend or mandate a single API standard.
PSD2 requires banks to meet certain criteria for their open banking interfaces. Because of this, several standards bodies were established, including the Berlin Group, STET and PolishAPI. Their role is to develop specifications for APIs – the technology used to develop dedicated interfaces.
But implementation has so far been left to individual banks. In effect, the term ‘API standard’ is inaccurate. What we have is a series of technical specifications but little coordination around how they are implemented and how well they perform.
This leads to the same APIs being implemented and performing in different ways. Even within the same standard, we see differences in how banks interpret and implement it.In turn, open banking providers have to treat each API on a case-by-case basis. In other words, there is a considerable difference between having a standard and making sure that the same standard is being implemented in a standardised way.
But a common API standard is not necessarily the solution.
Firstly, there is plenty of innovation helping to resolve some of the open banking fragmentation. One example, while perhaps unintended in PSD2, is API aggregation. This is where fintech companies specialise in connecting to bank APIs, creating a single API for other firms to connect to.
This allows other regulated open banking firms to focus on innovative user propositions, rather than maintaining bank connectivity. The market for both API aggregation and consumer services is highly competitive and works well.
Secondly, there is plenty of valuable work and expertise within the current standard bodies, meaning there’s no need to build a new API standard from scratch.
So what’s the solution?
- Build on and harmonise the work of existing standards bodies: The EU should encourage more dialogue and cooperation between existing standards bodies. This way, the technical and commercial know-how in these groups would be harnessed rather than lost, and new standards would align and converge over time, rather than becoming more fragmented.
The EU should also clarify how existing standards bodies should interact with specifications developed by the European Payments Council, following on from the work of SPAA MSG.
- Consider a central body to coordinate API implementation and performance: Rather than focus on a common API standard, the EU could develop a central independent body, or empower existing bodies to focus on API implementation and performance across banks.
This would be a similar model to the Open Banking Implementation Entity (OBIE) in the UK, which had enforcement powers from the Competition and Markets Authority, and which helped advance open banking at a faster pace than other comparable markets.
A central independent body could act as a single trusted source of public data on open banking. Right now it’s difficult to know how many European users there are, how many payments or data requests are made each month, and how this is growing over time. This data is available in the UK from the OBIE.
Such a body could also play a role in creating more seamless and more consistent payment authentication journeys by issuing guidance on best practices.
Unnecessary friction in the authentication process is a significant and artificial hurdle to open banking truly taking off in Europe. As finance APIs become more important, we need to make sure they have the same performance and functionality across the EU, so consumers enjoy a consistent experience.
Will the rules apply more consistently? (PSR1 or PSD3?)
Another question raised by the EU’s review is: will PSD2 stay a directive or become a regulation? Will there be room for interpretation or will the rules apply the same way in each country?
EU directives require transposition into national law, so each member state will interpret the directive in slightly different ways. In contrast, EU regulations apply ‘as is’, which minimises the room for interpretation and ensures a more consistent application across all 27 member states.
In the case of PSD2 (a directive), the flexibility to transpose it differently has created differences in interpretation.
For example, only some EU countries classify credit cards as payment accounts, which open banking providers are able to access. This lack of consistency means consumers can use fewer services in some countries than others.
Transforming PSD2 into Payments Services Regulation (PSR1) would help open banking by ensuring a quicker and more consistent implementation. But it can be difficult to achieve consensus on regulation, so continuing the directive approach could lead to faster improvements in payments and open banking.
Will we finally have borderless instant payments?
Open banking puts instant payments at the fingertips of both consumers and merchants. It elevates SEPA Instant from a bank transfer option available only through online banking to an alternative payment method in fast-moving sectors like ecommerce or investment.
But right now SEPA Instant falls short of its pan-European aspirations. Patchy coverage and high costs for consumers keep it from being a perfect match for open banking payments.
And because IBAN discrimination is still a problem, it remains difficult and sometimes impossible to make cross-border open banking payments. That’s why the EU needs to complement the review of PSD2 with legislation that encourages the frictionless use of SEPA Instant.
Open banking payments will only fulfil their full potential in Europe if instant payments are available everywhere and obstacles like IBAN discrimination are removed.
A common standard for Europe doesn’t guarantee API consistency, but focusing on how we implement open banking might.