Beyond PSD2: What is next for financial institutions?

Why did the EU adopt PSD2?

It is abundantly clear that advancements in technology, such as the cloud and mobile apps, have disrupted the banking industry. This and other factors, including the rise in online shopping which has had a direct impact on an increase in online fraud and data breaches, has led to the European Union adopting PSD2.

The purpose of the Directive was to revolutionize the European payments industry. Not only is it aiming to increase pan-European competition and participation in the payments industry from non-banks and other financial institutions, but it’s also striving to level the playing field for startups in the fintech space, allowing them to play a more important role and encouraging them to enter a market once exclusively designed for legacy players.

By enabling customers, consumers, and businesses alike to use third-party providers to manage their finances, PSD2 it is removing the monopoly that banks once had over their customers’ account information. Ultimately, some people believe that the overarching purpose of PSD2 is to unify the European market, but we will probably see further iterations of the Directive before this would-be goal is reached.

What are the key changes?

PSD2 has introduced two new regulated entities to the financial landscape: PISPs & AISPs. PISPs or Payment Initiation Service Providers are those who initiate a payment on behalf of a user. AISPs, otherwise known as Account Information Service Providers, are service providers who have access to that individual’s bank account information. For example, AISPs could analyze a user’s spending habits while PISP services deal with the transfer of money and take the form of Peer-to-Peer (P2P) transfers or bill payments.

By providing third-party providers with access to consumer banking data, a host of new financial products and services can now be built on top of existing bank infrastructures, giving consumers greater convenience and control of their payment options through a single service. Banks will not only continue to compete with other banks, but now will be further challenged by innovative upstarts offering previously unavailable financial services and products. 

Another major change is the requirement for stronger identity checks for online payment transactions. With access to bank account information, it’s only natural to enforce increased security measures. PSD2 calls this Strong Customer Authentication (SCA). SCA is authentication based on knowledge (e.g. something only a user can know), possession (e.g. something the user possesses), and inherence (e.g. something the user is). SCA could take the form of two-factor authentication, for example, a question and a biometric scan or a password and a randomly generated Personal Identification Number (PIN).

In today’s environment, the customer’s experience is crucial. To help reduce fraud, SCA requires an authentication for every transaction over USD 30, or a cumulative transaction amount of USD 100, which introduces friction to the customer experience. As one may see, with the privilege to access a bank account, data also comes with responsibility. That means third-party providers are challenged with striking the right balance between their customers’ experience and their fight to meet their regulatory obligations.

Is PSD2 intended to unify the European financial services market?

Maybe. A survey conducted by the European Commission revealed that 80% of people would not consider buying a financial product from elsewhere in the EU, because they can do so within their own country. However, this could change depending on what products are being offered and most importantly – how much they cost. PSD2 has this effect in many ways. For example, it allows third-party providers of financial services operate within the EU so long as they are licensed by their home state’s financial authority. Therefore, while banks need bank licenses in each country they operate, third-party providers only need one. And, as the European market continues to grow into one larger, unified market, hopefully newcomers – such as startups and smaller companies – will want to do business. I believe everyone is expecting to see an increase in investments in financial services that directly target the newly unified market and over time, the European financial ecosystem will change and grow.

Will these new regulations change banking as we know it?

Undeniably, yes. PSD2 establishes an open market and open competition, where the best services, interfaces, and technologies can rise to the top.

Will it change the way we bank? It remains to be seen. Many people are resistant to change, particularly when it comes to money. Building a relationship of trust is a big factor for many, and new entrants into the space will need that to be successful. That being said, Blumberg Capital’s recent fintech survey reported that while half of Americans prefer to use a traditional financial institution, they also seek the benefits of new technologies and services. What’s more, it reported that more than two-thirds of Americans would trust new payment or investment technologies more readily if offered by their existing bank. Even though cultural differences exist between the US and Europe, these statistics do give us interesting insight into how new financial technologies may be received.

How can banks comply? Is technology fueling the change?

Of late, regulatory technology (commonly referred to as regtech) providers have really upped the ante in order to help businesses comply with regulations around money laundering, customer due diligence, data protection, and payments.

In addition to automating processes, regtech is also helping financial institutions – in particular, banks – retrofit new technologies and bid farewell to outdated legacy systems. This ensures that they stay ahead of both technological curve and competition.

There’s a lot of talk about fintech and regtech disrupting the banking sector – but just as often, one technology fuels the other. The most successful regtech tools are actually implemented into existing workflows, not replacing the service or application itself. regtech tools uphold the highest bar for security, transparency, and effectiveness.

Will other markets follow the EU’s lead with payments regulations?

Right now, the trend is pointing to even tighter regulation. Regulators are forced to keep pace with new technologies that are fundamentally changing the financial services landscape and how personal data is used; more so when dealing with cross-border or multinational consumers and services. The EU has pushed forward major changes in recent years, including PSD2, the 4th Anti-Money Laundering Directive (4AMLD), and the General Data Protection Regulation (GDPR). The market interconnection, highly publicized data breaches, and increasing consumer awareness overall will absolutely push other markets to revise existing regulatory guidelines.

About Zac Cohen

Zac Cohen is an experienced business leader focused on strategic planning and execution, corporate management, risk management, and operational efficiencies. With nearly 10 years of start-up and tech experience - primarily in the compliance space - Zac has built and scaled companies by applying a proven people-systems approach of collaboration, ownership, best practices, and accountability. His passion remains technology and its ability to impact the world.

 About Trulioo

Trulioo is a global identity and business verification company that provides secure access to reliable, independent, and trusted data sources worldwide, to instantly verify consumers and businesses online. Trulioo’s bank-grade online verification platform, GlobalGateway, helps organizations comply with Anti-Money Laundering (AML) and Customer Due Diligence (CDD) requirements by automating Know Your Customer (KYC) and Know Your Business (KYB) workflows. Named as a 2017 CNBC Disruptor 50 Company, Trulioo’s mission is to solve global problems associated with verifying identities by powering fraud prevention and compliance systems for customers worldwide in an effort to increase trust and safety online.