14th September is the date that banks across Europe have been working towards to implement the Regulatory Technical Standards that will ensure compliance with PSD2, but, for me at least, it seems more appropriate to consider the last working day before the deadline – the far more ominous Friday 13th – as the real crunch date. Particularly given the state of compliance across the industry.
Open Banking as a concept, and PSD2 as the regulatory drive to embrace that concept, offer so much promise, but have been fraught with issues.
Deadlines have consistently been missed by banks, or Payment Service Providers (PSPs). Most recently, over a third of PSPs in the UK failed to publish their APIs by 14th June, which was a key testing period to ensure readiness for the September deadline.
And aspects of the regulation have proved difficult to translate smoothly into reality. The FCA has now publicly offered relief for the Strong Customer Authentication requirements, largely on the basis that the industry hasn’t been able to agree on a frictionless customer experience. Indeed, there were concerns from merchants that the introduction of SCA in the online payment experience would cause customers to baulk when they got to the checkout.
We could go into great detail about the root cause of these issues – the difficulty extracting data from archaic, poorly understood legacy systems; the challenge banks have had in viewing Open Banking as an opportunity rather than a compliance exercise; the near impossibility of executing long-term, wide-ranging change or regulatory projects in environments driven by yearly target and budget cycles; and the extent to which the industry is truly able to cooperate to create frictionless, seamless customer experiences – but today I’d prefer to consider the impact any delay presents.
Will the banks suffer?
The FCA, and other National Competent Authorities across Europe, are unlikely to impose immediate fines for non-compliance – as the soft approach to SCA already confirms. There will be remediation plans, promises to meet certain standards within the next 6 months, and regular monitoring of progress – but little in the way of financial penalties.
Non-compliance won’t necessarily result in much of a reputation impact either, given the low level of consumer awareness of the regulation, but it will certainly impact each banks’ ability to build out value-add services, products and functionality as money, time and effort will be focused on compliance. This could well have knock on impact to customer retention and acquisition in the medium term.
So, do customers even care?
By and large, no. Most aren’t aware of Open Banking and those that are aware won’t necessarily see much of an impact. Most importantly, it wasn’t consumers that called for the initiatives – in the UK Open Banking was first driven by the Competition and Markets Authority to increase competition in a static, lethargic industry.
But independently of Open Banking and PSD2 competition in the UK has increased – predominately as a result of the mass commercialisation of cloud technologies and the ease of development of (cheap) microservice based infrastructures. Monzo has over 2 million customers, Revolut has over 7 million (globally), Starling over 750,000 and Marcus over 250,000. Throw in N26, Tandem, Tide, Atom and B (among others) into the mix and you have an increasingly diverse market that is slowly but surely chipping away at the customer base of the big four UK banks.
Who is hit the hardest by a delay?
The biggest impact of any delay to the full implementation of Open Banking is to the Third Party Providers that were seeking to use the wider availability of data and the ability to trigger payments to offer tools, functionality and products that would complement traditional banking services.
Companies that have built entire business models on the expectation of a smooth transition to Open Banking with be further frustrated. The expectation is that firms that have relied on alternatives to Open Banking APIs to provide services to customers – such as screen scraping – will be legally required to cease those activities from 14th September, and replace them with what is available from the banks. Tink, however, recently called for regulatory flexibility in implementation deadlines to allow for greater collaboration across the industry to create a robust, technically stable environment – rather than allowing banks to default to clunky, difficult to implement fall back solutions.
Will we ever see Open Banking as a concept come to fruition?
To an extent it already is bearing fruit, albeit fruit that has not yet ripened. Tools and products have been built based on the expectation of Open Banking or utilising the technology that is available today – and these do provide great value to the customers that use them.
As well a bridging the clear and wide technological gap and moving past the mindset of compliance, there’s a lot of work needed to thrust open banking into the general consciousness of the public.
Education is absolutely key to instil trust and get a reasonable uptake of services. The customer experience, particularly for authentication and permissioning, needs to be seamless, which today it certainly isn’t. For this the industry needs to work together closely, really putting the customer at the heart of the initiative, rather than the regulation or potential revenue streams.