Are you ready for PSD2 and Open Banking?
We checked in with over 70 organisations across Europe. Review the results, and benchmark your firms’ readiness to respond.
On January 13th 2018, Payment Service Providers (PSPs)1 must become compliant with the revised Payment Service Directive 2 (PSD2). To date, PSPs have committed significant financial and human resources toward achieving compliance with new, or revised, conduct requirements.
For the majority of PSPs, the recent finalisation of the Regulatory Technical Standards (RTS)2 enables firms to commit to undertaking significant technology, business and operational transformation, necessary to comply, and strategically respond to the threats and opportunities presented by PSD2 and Open Banking.
From a compliance perspective the majority of financial services organisations feel confident they will be ready to comply with the applicable requirements coming into effect on January 13th 2018.
The key challenges related to long-term compliance with the RTS, strategically responding to PSD2 and Open Banking, as shared by survey participants, include:
- Delays in finalisation of the RTS
- Lack of common single Application Programming Interface (API) for access to accounts
- Heretofore, a liability scheme for authorised and unauthorised payments has not been defined
- Complexity of issues relating to consent and data protection obligations
- Challenges in maintaining a positive user experience when applying Strong Customer Authentication (SCA)
Although most firms are approaching PSD2 as on opportunity, they remain very aware of the threats it poses to their business models. Remarkably, only a quarter of firms feel ready and confident about their strategic plans, or have secured adequate budget and resources to develop them appropriately.
1 PSPs include; Credit Institutions; Payment Institutions; Money Remittance and eMoney firms; Payment Initiation Service Providers; Account Information Service Providers.
2 RTS defines new standards for Common Secure Communications (CSC) and Strong Customer Authentication (SCA).