Compliance and competitiveness

As the European Union tries to respond to an ever-evolving payment landscape in Europe through the Revised Payment Services Directive (PSD2), banks are facing important challenges while trying to be compliant. The legislation created a panoply of opportunities, but also challenges, from a strategic, organisational, and technological perspective. As banks try to navigate this maze, they will need to reconsider their operating models and how open banking may be the next logical step.

Payment initiation service providers (PISP) initiate payments between the payee’s and payer’s accounts and account information service providers (AISPs) aggregate information between customers’ payment accounts.
 

PSD2 - Regulating innovation and change

Throughout history, humans have had payment systems that allowed them to trade goods. These have been subject to evolution over time, moving from simple bartering, grains, or shells to gold-backed currencies. Over the past few years, this evolution has accelerated rapidly.

These new payment systems imply a number of new challenges. In an effort to respond to these changes and encourage competition and innovation, the European Union put into place the Revised Payment Services Directive (PSD2).

PSD2 will open the market to new payment players and extend the scope of services, increasing competition with the aim to encourage innovation, rapidity, efficiency, and safety in payments. Specifically, two new types of third parties will be able to participate in the market: Payment Initiation Service Providers (PISPs), to initiate payments between the payee’s and payer’s accounts, and Account Information Service Providers (AISPs), to aggregate information between customers’ payment accounts. The provisions of PSD2 imply a number of challenges for banks that need to be addressed sooner rather than later.
 

New types of competition will nibble on banks’ margins and banks’ customer basis

Agile and flexible non-bank players have already entered the payment services market, such as Amazon, eBay, and Facebook, without the need to maintain heavy banking infrastructure nor comply with complex legislations. They will now have access to parts of banks’ infrastructures and data, which banks will be required to share through APIs (Application Program Interfaces). They will position themselves in attractive niche markets benefiting from excellence in customer experience and lower cost bases than banks. Non-bank players (especially merchants) will be able to cherry-pick and focus on the most profitable services. As new players will be able to provide information and payments services, customers will have broader access to formerly traditional banking services, like advice on their financial situation, debt, credit, and other general questions.¹ Indeed, requesting a loan or benefiting from financial advisory would make more sense with an aggregated view on all of the customer’s assets.

This is a real danger to banks margins, but also banks’ customer bases. A recent survey that was carried out by Deloitte in a European country shows that 58 percent of consumers with mobile banking applications would be willing to change to a mobile-only bank to have the ability to perform a greater number of banking-related services. Additionally, 49 percent stated they would trust digital payment services providers, and respectively 43 percent retailers, to access banking services.²

Bank business models will need to evolve and collaboration will foster competitiveness

Banks will be able to react to PSD2 by either complying or competing. In this context, banks need to decide their future business model. They will need to define whether they want to position themselves as one-stop-shop advisers competing with innovative new players in the banking world or become specialists focusing on being balance sheet providers, innovators, or infrastructure providers.³ One-stop-shop providers face risks and challenges through new competition as well as the opportunity to take advantages of the possibilities available through teaming up with FinTechs and other innovative companies. These banks will essentially need to find ways to drive revenue by enhancing service offerings at minimal costs, and building on capabilities that are available to them through new technological advances. One-stop-shop banks will be able to benefit from aggregating services to enhance customer value and customer experience, being able to compete with FinTechs and challenger banks. For example, they will be able to leverage the precious amount of information that will be accessible through APIs upon customers’ request, giving customers a global view on all transactions or monetising this information to merchants for their own marketing and targeting strategies.

The current state of regulation and the market are still frightening for banks, especially considering the blur around savings and securities accounts. The framework defined by PSD2 is only partial, resulting in only payment accounts being included or not clearly defined standards for APIs. The numerous questions that remain, make grasping the existing opportunities complex and some banks may lose courage when faced with this situation.

Let us look at the example of unknown API standards for example. Today this is already generating worry and leading to thoughts on how they can be standardised in the future (e.g., Berlin group, Open banking working group). At the same time, FinTechs such as Yodlee and Budget Insight have created extremely flexible solutions that allow the aggregation of accounts beyond payment accounts. By working together with companies that have embraced this uncertainty and complexity in their DNA, banks can take advantage of the opportunities of today’s environment.

This example provides just a quick glance at the enormous scope of opportunities that may arise once banks venture into open banking. By changing their business models from closed models that consider data as proprietary structures toward open models that embrace collaboration with other players, open banks will be able to deliver new value to customers and be more competitive compared to traditional closed banks.
 

Organisational impacts will be significant and will pose challenges to banks

PSD2 requires banks to implement significant changes. These changes include compliance requirements, such as the opening of APIs and new security requirements linked to SCA (Secure Customer Authentication) requirements. Furthermore, if banks decide to compete rather than just comply, further countless new activities will result, including integrating partnerships with innovative companies that may have completely different ways of functioning and governance; the need to treat and exploit new data (e.g., obtained from other banks or other companies) requiring big data capabilities, or developing new in-house solutions for automation. In order to be able to address these choices and pursue the strategy chosen by banks, decision makers will need to reevaluate and adapt HR and IT strategies to these new demands.

From a compliance perspective, specific regulatory and technical expertise within organisations as well as adapted IT-infrastructures and financial resources will be required. At the same time a myriad of other regulations, including GDPR⁴ and MiFiD II⁵, have similar demands in terms of resources, and banks face Sophie's choice in terms of prioritisation of projects, generating a need for trained resources that can be complicated to address.

When going beyond pure compliance, these requirements become even more pointed. To compete with innovative players, banks will need to further develop existing capacities including change management, digital IT, and architecture, and also acquire new capabilities such as customer experience and user experience to be able to ensure that their digital (and non-digital) experience is on par with innovative players.

Open banking - shifting from closed to open banking models

Open banking will represent a paradigm shift in today’s world. While today, products, services, functions, and data are treated as proprietary, the world of tomorrow will see bank products, services, functions and data shared for use with third parties that will aim to create benefit for customers and new business values.⁶ Incumbent banks that embrace open banking in order to be able to compete, may be able to create new sources of revenue and may benefit from significant advantages given their strong expertise, brands, and trust, as well as access to an existing client base.

Deutsche Bank and Nordea are just two examples that highlight how compliance and competitiveness with third parties are not mutually exclusive and have opened websites for developers to experiment and test with ideas and APIs.

• Deutsche Bank’s dbAPI interface provides access to the bank’s proprietary environment to allow developers to test their ideas and innovations using anonymised banking data. The creation of this portal goes hand-in-hand with another initiative—the hackathon—which is a three-day event allowing developers to test their APIs for three days and allowing the winning team to collaborate with Deutsche Bank’s Digital Factory.⁷ 
• Nordea has launched an API platform that aims to meet PSD2 requirements, but also seeks to capitalise on PSD2 to advance open banking. The bank provides the first iteration of a portal and community hub for developers with access to a sandbox environment and APIs in order to encourage collaboration with third parties and innovators.⁸ Initial APIs available include the account information service and the payment initiation service API.

Fidor goes even further, putting open banking at the heart of their business model. Fidor (bought last year by BPCE) was founded with the idea to propose a dedicated operating system (fidorOS) with APIs to manage all features that a customer requires in his daily banking life. The idea behind Fidor is to promote open and transparent banking and therefore to leave the possibility for customers to manage their data through any other application that could propose value-added services and improve the banking services.

Deutsche Bank, Nordea, and Fidor are only some examples of banks that are experimenting with open banking to deliver benefits to end customers. Today a number of banks and other players are already daring to make the first shift toward open banking and it is likely that in the future other banks will follow— sooner or later. The three banks show how differently organisations can take advantage of the opportunities of PSD2 and open banking to collaborate in order to remain competitive.

This article first appeared in edition 16 of Deloitte’s Inside Magazine. Access the full edition and other articles within it here.