As of Friday 14 March, payment service providers within the European Union have to comply with the requirements of the revised Second Payments Services Directive (PSD2), a far-reaching series of open banking regulations. But implementing these new regulations has already proven challenging. What’s more, a number of other regulatory authorities around the world are watching closely to see how the EU handles the implementation of PSD2 to inform their own implementations of open banking.
What is PSD2?
The Second Payments Services Directive, or PSD2, is a set of regulations developed by the European Union in order to legally enshrine the principle of open banking. Essentially, it breaks banks’ monopoly on their customers’ data. This means that third-party merchants and providers can access your data, with your permission, and make payments on your behalf without having to redirect you to a secondary service like PayPal or Visa.
Under PSD2, payment service providers can no longer block clients from sharing info with someone else, like a credit scorer or payment provider. This should empower consumers and set the groundwork for more competitive and open payment services systems where banks are no longer gatekeepers.
Why is open banking important?
Open banking provides a powerful opportunity to improve financial inclusion. By breaking the monopoly on user data that large banks currently enjoy, open banking opens the door to smaller financial services players and drives competition in the market. More competition means more choices – and hopefully lower prices and improved service offerings – for customers.
It also forces banks to be more accountable in their data practices, making it harder for hidden fees or overdrafts to cut into their customers’ money. Furthermore, by making banks publish all their service data, open banking also helps consumers make more informed decisions about their financial services provider.
Challenges facing PSD2
As encouraging as the principle of open banking seems, it also raises some immediate potential issues, the foremost of which are concerns about data privacy. In the EU in particular, making customers’ data more open and accessible brings PSD2 into direct conflict with the recently implemented General Data Protection Regulation (GDPR) and its principles of online data privacy. It remains to be seen how the EU will overcome this contradiction in principles.
On top of general data privacy concerns, financial services institutions will need to implement powerful cybersecurity architecture, as any breach to their system could result in massive exposure of sensitive customer data.
There are also concerns about how difficult the implementation will be, requiring a number of intensive changes to the way financial services institutions operate. Companies are also reportedly unprepared for the legal requirements of PSD2. A December 2018 study by Mastercard found that nearly three quarters of online merchants in the EU aren’t even aware of the strong customer authentication (SCA) requirements under PSD2.
PSD2 and the rest of the world
The implementation of open banking with PSD2 won’t only affect the EU. Regulators around the world are keeping a close eye on how Europe handles open banking to guide their own national implementations.
Across the channel in the United Kingdom, where open banking has been in the works for some time already, most of the major banks are already prepared for the rollout and will be watching closely to see how their counterparts in the rest of Europe adapt to the new regulation. With a potential Brexit still hanging over the UK’s relationship with the EU, British banks may avoid PSD2 entirely.
In low and middle-income countries (LMICs) where financial inclusion is a pressing challenge, the principles of open banking may be the key to unlocking financial services for consumers. In Africa, for example, regulators from South Africa, Kenya and Nigeria have expressed interest, if not specific intent, in open banking.
Want to learn more about open banking?
Open banking regulation is just one of the topics covered in DFI’s brand new Regulation in Digital Finance course. Developed in conjunction with the University of New South Wales and running over 4 weeks, this course unpacks the core enablers required for digital financial inclusion, especially as they relate to digital payments.
The course will be taught by myself and Dr Jonathan Greenacre, a Hitachi Center Faculty Fellow at The Fletcher School. The Regulation in Digital Finance course is designed to be foundational, enabling students to get a broad overview before they explore more focused studies, such as DFI’s course on Anti-Money Laundering Compliance (more courses like this will be coming in the near future).
Applications for the Regulation in Digital Finance course close on 31st March 2019. You can enrol in the course here.