Open Banking: how can third party providers succeed?

Dr. Ruth Wandhöfer, Strategic Adviser for ETPPA, talks about the way TPPs can approach Open Banking for ensuring success, including problems to solve and strategies to implement

Wait a minute, what is the question? How can TPPs succeed in Open Banking? Is something not going according to plan and TPPs need help, advice, a strategy?

Let’s quickly remind ourselves here, the whole idea of Open Banking - and in the same breath we have to mention the Second Payment Services Directive (aka PSD2) – was developed with the central objective of letting European’s fintechs in the payment space and in particular third party providers (TPPs) offering account information (AIS) and payment initiation services (PIS) strive.

Over the years, following the First Payment Services Directive of 2007, many new types of payment service providers came to the market and some invented completely new and exciting services. The plan with PSD2 therefore was to include these new services in its regulatory fold and thus to ensure consistent levels of consumer protection across the payment value chain whilst at the same time enabling those new providers, which became to be known as TPPs, to compete with incumbent banks. At a political level the message was clear: Europe has an emerging fintech payments ecosystem, which shall grow and strive and not only provide competitive vibes to the ‘old world of banking’ but also develop into a counterweight to US and Asian BigTech players.

Open Banking, a parallel development that occurred in the UK as a consequence of a lack of competition in banking and payments, led to the creation of what is now an industry wide framework to enable easier access to different types of payment and over time financial services in general. Again, here the thrust is that competition and easier access to more diverse services should be enabled and PSD2 as implemented in the UK does its part to deliver this from the regulatory side. And this is where the problem begins. Whilst the PSD2 level one text was drafted well in order to be technology neutral and thereby protect TPP business and product continuity, the second level legislation, represented by the European Banking Authority’s (EBA) Regulatory Technical Standards (RTS) adopted in 2018, forced TPPs to migrate their access-to-account technologies to dedicated interfaces, more commonly known as Application Programming Interfaces (APIs). These APIs had to be built by banks (also called Account Service Providers or ASPSPs in the PSD2), but most of them struggled to do so and TPPs had to onboard these APIs in order to be able to exchange the relevant information with their users via this route. Unfortunately, those APIs are still of bad quality across many banks in Europe, whereas the fact that the Open Banking framework in the UK standardised APIs and ensured availability, both of which helped the TPP industry a lot.

However, there are other areas, which create a problem for all TPPs across Europe, including those in the UK. And these, again, stem from the EBA’s RTS, which have clearly been written by people that were not aware of the different services that TPPs offer and the benefits that these bring to consumers and other users. The biggest issue to mention here is the requirement for Strong Customer Authentication, or SCA, where the RTS and the interpretations and guidance around these by the EBA took no notice of user experience, user needs, and benefits in the context of AIS and PIS. 

According to the RTS on SCA, AIS have to require customers to re-authorise their TPP at least every 90 days. This effectively means that AISPs have to start from scratch and onboard their customer base at least every 90 days. Many banks across Europe (not so much in the UK luckily!) have made the user experience even worse by asking them for an SCA every time that they log in for a TPP service. The EBA is now advising National Competent Authorities to encourage banks to stop asking for daily SCAs, but their RTS and guidelines have not been formally changed to enforce this. 

The reality therefore is that users receive unexpected message alerts, sometimes in the middle of the night, requesting them to authenticate themselves. These surprising prompts instil fear of fraud and tampering with their online accounts, rather than the previous user experience where TPPs could deliver timely alerts on balances, new and cheaper services as well as risk alerts. From a relationship of trust and transparency between user and TPP, the RTS allowed banks to step in the middle and create mistrust, fear, and friction. 

In conclusion, Open Banking in the UK works ok for TPPs with room for improvement with regard to the SCA dilemma. At a European level, the EBA RTS is still creating even more fallout with issues around API data parity, daily multiple SCA requirements, and sheer frustration of customers of TPP services. 

Ralf Ohlhausen, vice-chair of ETPPA, is also rather critical, saying, ‘For over a decade, we saw flourishing TPPs in some more progressive countries, whilst others tried to keep their banking closed. PSD2 forced the latter to change, but the RTS introduced such mediocre standards that existing TPPs were set back and new ones struggle to start up. They allowed banks to regain monopoly on providing payment certainty, user flows, real-time alerts, and other fully automated account services. Consumers and corporates will have to wait longer for interchange fees to go away and for innovation and convenience to come back - hopefully with RTS2.’

It appears that the initial objective of fintechs to strive, compete, and grow has pivoted with policy makers and regulators at EU level into the opposite stance, where protecting the old banking world against the threat of US and Asian BigTech now seems to be the preferred strategy, whereby the stifling of TPPs is accepted as collateral damage. Whether this will truly deliver the benefits of innovation to users and the market overall is more than questionable. You will surely have a view yourself…

The editorial was originally published in Global Open Banking Report 2020, which follows the journey from Open Banking to Open Finance and Open Data Economy and provides key insights about the benefits of Open Finance for different areas of financial service.

About Dr. Ruth Wandhöfer

Dr. Ruth Wandhöfer is an expert on banking regulatory and FinTech innovation matters. After a distinguished career with Citi, Ruth is an I-NED of Permanent TSB and Digital Identity Net, a Partner at Gauss Ventures, Strategic Adviser of the ETPPA and Adviser to RTGS.global. 

About ETPPA

ETPPA is the European trade association of bank-independent third party providers (TPPs) under PSD2. It was established as a non-profit organisation in April 2019 to formalise the pre-existing Future of European Fintech coalition founded in 2017 to join the forces of non-bank TPPs. ETPPA represents the TPP interests vis-à-vis the EU authorities and across various European working and multi-stakeholder groups in support of creating an innovative and competitive level playing field for Account Information and Payment Initiation Service Providers (AISPs & PISPs).