Don’t let regulatory compliance be a tsunami. Keep Calm and Compliance On
In this four-part blog series we will cover the key requirements of PSD2, MiFID II, GDPR and AML.
It all began in 2007, with the Payment Service Providers Directive (PSD), which sought to create a single payment market in the European Union (EU) to promote innovation, competition and efficiency.
But in 2013, the European Commission proposed an amendment (that’s where the 2 comes from in PSD2), which aimed to enhance these objectives. It seeks to level the playing field among countries and among payment service providers, putting consumers in a better position, as they will benefit from increased competition. It also hopes to normalize new payment methods like online and mobile payments.
Until now, an online purchase has required a series of intermediaries: the business uses an electronic payment provider, which contacts the card company (say, Visa or MasterCard), which finally charges the checking account. With PSD2, however, the consumer can simply authorize the business to make the payment on their behalf through their bank account. This means the bank and the business communicate directly using an Application Programming Interface (API).
With the right vision and implementation strategy, the transformation forced by PSD2 can help traditional banks and other institutions become digital innovators and disruptors, ensuring they will not only remain relevant, but take the lead in the new digital payments value chain.
Banks sharing information about customers’ accounts to enable those customers to take advantage of innovative new services is becoming the norm, not the exception. A rapidly changing payments industry is threatening incumbent banks’ payments revenues and customer ownership. To add to that, the revised PSD2 is driving European banks to a defining moment. The directive is set to accelerate the digital disruption that is reshaping the financial services industry. Banks will have to decide whether they want to become a banking “utility” or an “Everyday Bank” playing a central role in customers’ daily lives.
PSD2 presents significant opportunities to grow new revenue streams, capture customer ownership and progress toward an extended ecosystem centered on the Everyday Bank. The imperative for banks is to leverage API integration and their existing customer relationships to develop a customer value ecosystem centered on their own banking portals.
PSD2 expands the original directive’s regulatory scope and technical requirements in four main areas:
- New TPP Players — A major component of PSD2 is Open Access to Customer Accounts (XS2A), which requires banks and other institutions to share payment account information with third-party providers (TPPs) via open APIs. TPPs include Payment Initiation Service Providers (PISPs), such as Sofort in Germany, iDEAL in the Netherlands and Trustly in Sweden, and Account Information Service Providers (AISPs) that aggregate customer information from multiple accounts and make it accessible from a single portal. Under PSD2, all PSPs, PISPs and AISPs will have to follow the same rules and go through the same processes for registration, licensing and supervision by the competent authorities.
- More SEPA Payments — Transactions in non-EU currencies where both the payer’s and the payee’s PSP are located in the EU will fall under the new regulation, as will payment transactions in all currencies where one PSP is located in the EU.
- Enhanced Security — To make electronic payments safer, PSD2 introduces enhanced security measures (including Strong Customer Authentication, with some exceptions based on context) to be implemented by all PSPs, including banks, payment institutions and TPPs. The technical requirements will be issued by the EBA.
- Better Consumer Protections — PSD2 bans debit and credit card surcharges for online and in-store payments, clarifies the liability rules that determine which PSP is responsible for issuing refunds, and protects consumers in the case of fraudulent and unauthorized transactions. Additional rules provide unconditional refund rights and protections for non-EU money transfers and remittances.
It’s true that digital-native customers and competitors are disrupting the entire banking and financial services industry. But the leadership mantle in digital banking — including payments — is still up for grabs, and the wealth of data, information, experience and knowledge that is unique to traditional banks and financial services firms gives them an enviable head start. If banks do nothing more than provide an API to facilitate the mandated XS2A, they will meet the minimum requirement for open access to customer account information. But they also risk becoming the back-end infrastructure for more agile and imaginative newcomers who are eager to take control of the front-end customer experience. If you want to preserve and expand your role (and revenues) in the new digital payments value chain, you will need to fully embrace the digital ecosystem and use APIs to seamlessly integrate various services, including but not limited to payments. With an API-centric integration strategy for digital banking innovation, you can introduce value-added apps and services that delight your customers and strengthen existing portfolios.
Let SEEBURGER help you stake your claim in the new payments value chain as a digital banking innovator.