PSD2 Coming, But British Open Banking Regulation Already Ahead of the Game (So Long As It Stays Compliant) Says Payments Expert

This content belongs to The Money Cloud – comparing the best rates for sending money overseas offered by hand-picked, regulated brokers and money transfer agencies

As always, this month’s European Payments Council (EPC) newsletter contains some essential reading.

As anybody who works within the payments or indeed the wider fintech industry surely knows, PSD2, the much-anticipated update to the first set of Payments Services Directives, is nearly here.

The most important thing to know about PSD2 is that it will allow any firm, provided it has the customer’s permission, to access data from their bank accounts and initiate payments or transfers of money on their behalf.

The data is accessed using Application Programming Interfaces (APIs) and the implications of the new set of directives is that any firm with the right level of technical expertise can begin to compete with the big banks for the right to carry out financial services on behalf of customers.

Witness the rise of the Challenger Bank (monzo, Atom, Starling etc.), savings apps, split payments / bills solutions etc. Once the reserve of banks, now the financial services playing field is expected to be well and truly levelled.

But not quite yet, because PSD2, a Europe wide initiative, is going to take some implementing – but if you are based in the UK, you should be feeling lucky. And a little bit nervous.

This is the essence of an article by James Whittle, the Director of International Standards and Services at Payments UK featured in this month’s EPC newsletter.

He talks about the Open Banking programme in the UK, “a world-leading collaborative effort to develop standardised APIs that will open up the banking industry for the benefit of consumers and businesses alike”.

In 2015 it was decided, at the request of HM Treasury to create an Open Banking Working Group in the UK, comprising of experts from the worlds of fintech, banking, consumer and business communities.

Acting under a mandate from the Competition and Markets Authority (CMA) the group developed a set of Open Banking standard frameworks to help stimulate competition within a financial services industry, where it was considered that “the UK’s older and larger banks do not have to work hard enough to win and retain customers”, as Whittle puts it.

The nine largest banks in the UK were therefore mandated to produce an “Open Banking Implementation Entity” that would deliver open access APIs in consultation with fintech firms, consumer groups and the public.

The so-called CMA9 have duly done so and have created both Open Data, and Read/Write APIs independently of those which may come to be created under PSD2, and well ahead of schedule. Now the task ahead is to become fully compliant with the PSD2 regulations which come into effect in January 2018.

Wherever their open banking standards overlap with PSD2 requirements, such as Secure Customer Authentication or professional indemnity insurance, for example, the CMA-9 must make sure they are fully compliant.

The Open Banking regulations introduced by the CMA 9 are nowhere near as complex as those being introduced by PSD2. PSD2 involves some 300 separate entities, not 9 – which is why there is now a PSD2 Stakeholder Group to “guide the Open Banking Implementation Entity towards PSD2 convergence” and to “work more widely with the industry under Payments UK on the practical implementation of PSD2.”

The PSD2 Stakeholder Group has a couple of major hurdles to overcome, namely making the CMA9 regulations compliant with European Banking Authority (EBA) Regulatory and Technical Standards (RTS) which come into effect in mid 2019, and more immediately with the General Data Protection Regulation (GDPR) which will introduced in May 2018.

PSD2 is not just an opening of the financial services floodgates to a host of new, agile fintech startup players. It is also an endlessly complex set of regulations and guidelines that will take years to implement and understand the implications of.

Its importance is hard to overstate, and it is one area where Europe can be said to be ahead of the game.

I attended the launch of a new startup accelerator, Supercharger, in Kuala Lumpur this week, where I got talking with a Malaysian founder in the bill payments space. I watched his jaw drop to the floor when I told him that API were being used to access bank’s data in the UK and Europe.

He could not believe that banks would agree to provide this kind of access and couldn’t imagine it happening in Malaysia.

Well, I have news for him. It will, and if Malaysia decides, like the UK has, to get its own house in order before the Asia-wide or even global regulations come in, then the country may well find itself, like the UK, stuck between a rock and a hard place.

All the right advanced technology, but unclear whether they are allowed to use it in a compliant way.

“The PSD2 Stakeholder Group is open to all those with an interest in PSD2 implementation, Open Banking and working together collaboratively to solve industry-wide challenges”, says James Whittle.

“If you are interested in participating in this exciting new work please do not hesitate to get in touch.”