On 27 November, PSD2 was back in the headlines as the European Commission formally announced that the long awaited Regulatory Technical Standards (RTS) on payment security had been submitted for approval by the European Parliament and Council. Whilst PSD2 is still applicable as planned on 13 Jan 2018, an exception has been made for the security measures outlined in the RTS which will not become applicable until 18 months later (i.e. Sept 2019). During the transition period, there is provision for the existing practice of third-party access without identification referred to as ‘screen scraping’ to be an acceptable fall back solution but accompanied by a waiver possibility for national competent authorities (i.e. CBI in Ireland) provided that certain requirements are met and maintained.
This recent announcement on RTS was as expected but a PwC survey shows few banks seem to be ready for PSD2 in the broader sense. PwC’s research, published in Ireland today, revealed that just over one in three (38%) banks were still in the early stages of assessing its impact, while only 9% were in the implementation stage of the new Payments Services Directive 2 (PSD2) requirements.
As part of the research ‘Waiting until the Eleventh Hour’, to assess PSD2 readiness, PwC interviewed 39 senior bank executives in 18 European countries including Ireland, covering most of the world’s leading banks. While two-thirds of the executives anticipate PSD2 will affect all of their bank operations, with numerous interdependencies with other regulations, only 9% said their preparations for PSD2 were at the stage of being implemented.
The introduction of PSD2 is meant to create a level playing field for new entrants and traditional market players, offering more opportunities for competition and innovative payment services. Under the revised Directive banks in Europe will need to make customer data available in a secure manner, and eventually give third-parties access to their customer’s accounts. PSD2 is a testament to the newly unfolding world of open banking where FinTech companies, merchants and even telco’s and other utility providers, can change the payments landscape completely.
“It’s clear that banks, including in Ireland, need to perform a rigorous self-assessment as they transition to the world of open banking."
In January 2018, banks’ monopoly over customer account information and payment services will effectively cease. Encouragingly, almost all banks (94%) interviewed by PwC are currently working on PSD2 in some way or another and two out of three banks say they want to use PSD2 to change their strategic positioning.
Sinead Ovenden, Partner, PwC Ireland Financial Services, specializing in Regulation, said: “For many banks, including in Ireland, compliance with PDS2 will be a challenge. However, compliance will not be their only concern. Banks need a proper strategic response to avoid becoming disintermediated by more customer-oriented third-party offerings. They will need to analyse the emerging payments landscape and identify new revenue opportunities for services, something most have yet to do.”
*Where the bank facilitates the business of others by acting as an intermediary i.e. acts for third parties and their customers
In the survey, PwC also asked banks about their preference among four types of emerging business models. First and foremost, banks are striving to be compliant with the directive, which is due to be transposed into Irish law by 13 Jan 2018. Half (50%) of the respondents aspire their bank to be a platform aggregator at some point in the future. This would facilitate the business of others by acting as an intermediary. It would mean developing an open platform that allows partners to integrate their products and services into the bank’s offering, while generating new products and services based on the bank’s Application Programming Interface (API). PSD2 API examples include checking available funds, account enquiries and credit transfers. All banks surveyed in Ireland aspired towards the Bank as a Platform model, offering third parties an open API and data to build up new services.
David Stapleton, Consulting Director, PwC Ireland, added: “Any bank that could achieve this would be a powerful operator. However, the reality is that only a handful of large banks could reasonably expect to build a truly powerful partner ecosystem. In fact, we doubt that many third parties will be willing to connect to multiple banks as long as there is no common API standard across Europe. It’s clear that banks, including in Ireland, need to perform a rigorous self-assessment as they transition to the world of open banking, including their market positioning and competitive strengths.”
As part of the report, PwC identified several best practices that banks should follow to ensure they address PSD2 effectively and efficiently. Perhaps the most important finding is that banks should ensure their top management is part of the strategic response to open banking. Currently, strategic considerations are oftentimes a by-product of a PSD2 compliance project managed by IT and operations. Given the far-reaching impact PSD2 will have, banks that take this approach will miss the opportunity to become powerful operators in the new world of open banking.
The adoption of the revised Directive on Payment Services (PSD2) has set the stage for open banking, providing standardised access to Irish customer data and banking infrastructure. PSD2 will lower the barriers for entry to third-party providers and FinTechs, and stimulate the development of new business models. Adapting to the new requirements will need a lot of investment and EU members have until 2018 to implement it.
Director, PwC Ireland (Republic of)
Tel: +353 1 792 8241
Corporate Communications, PwC Ireland (Republic of)
Tel: +353 1 792 6547