Jay Hibbin, regional sales director – financial services EMEA, CenturyLink
Originally proposed by the European Commission in 2013, for some time, the introduction of the second Payment Services Directive (PSD2) in 2018 has felt like a distant concern. Yet, since the turn of the New Year and the realisation that this major regulatory shift is less than 12 months away, we’re seeing PSD2 hitting the headlines more and more frequently – it’s become the acronym of the moment.
Under the new regulation, banks will be obligated to provide third parties such, as fintech providers other banks and merchants, with access to their customers’ accounts via open application programme interfaces (APIs). So, for example, if a consumer were to purchase an item on Amazon, the user wouldn’t need to be redirected to Visa or PayPal to make the payment, but rather Amazon would be able to make the payment for the user. As a result, these third parties will then be able to build financial serviceson top of the banks’ data and infrastructure and further expand their customer offerings to enhance the experience for the end user.
In addition, account information service (AIS) providers, for example, could act as consolidators under the directive. If a customer has multiple accounts, an AIS will use an API to gather all the data on those accounts and aggregate it to offer value-added features – such as a proactive text, which could suggest that by moving their money to another account, the customer could save themselves £50 in overdraft charges. By monitoring a customer’s spending, an AIS can become more proactive and provide useful information based on the T&Cs of the various products it has in the market.
The open banking rules,proposed by the CMA (Competition Markets Authority), and the implementation, brought about by PSD2,will also require new data protection as, while it’s true that third parties will have access to a bank’s customer data, they will require the specific permission of these customers and will need to make it clear what they are offering. This is where the General Data Protection Act (GDPR), which also comes into force in 2018, can step in. As opposed to PSD2 which focuses on the sharing of data, it focuses on protecting this data – however, what unites the two is that they both put the customer at the heart of their aims. If fintechs and third parties are to access this customer data, they will need to be explicitly clear in what they are offering in order to gain the consent of the customer.
This is a fundamental shift in the nature of banking as we know it. This change will ultimately result in much more choice for the customer – the key aim of the regulation.As consumers are presented with more choice when it comes to financial services, there is the fear amongst banks that the once guaranteed loyalty to one financial provider that existed will begin to dissipate.
It’s been well documented that as the landscape becomes more competitive fintechs are recognising the opportunity to seize a piece of the financial pie. However, whilst some more innovative startups are hoping that this will give them the opportunity to ‘Uber’ traditional financial providers, this might not be a realistic view. Given the complexity of data protection, and the undeniable loyalty to established players when it comes to looking after our money, the banks should instead be looking at the opportunity that PSD2 presents as a means of spurring on more innovative thinking.
A cause for change
Although there are fears that fintechs could ‘eat the lunch’ of the big banks, however attainable or unattainable these may be, PSD2 should be forcing banks to think about how they can provide more innovative solutions and services for their customers to compete with their younger counterparts. If they are to develop new offerings and speed up the time to market, banks must absolutely be looking to the cloud to achieve both of these goals.
Metro Bank is a great example of a bank that is has successfully utilised the benefits of the cloud in order to keep a competitive edge and speed up their time to market with new products. Although Metro Bank was ‘born digital’ and had little in the way of legacy systems, this is the example that other financial institutions should look to lead from.
The cloud as an enabler
Like Metro Bank has done, banks need to be continuing to look to the cloud to keep agile, using its advanced orchestration and management systems to deliver innovative software to clients quickly and securely. This is where banks should be looking to migrate new projects in an R&D or developmental phase to a cloud environment.Similarly, anything that’s quick to develop, contains minimal viable product, or involves dev ops for products and service is key to success, are logical candidates for consideration during the first tentative steps into a production cloud environment.
Essentially, any standalone products that sit outside core banking legacy systems (even though they may well interface with these systems) could also be potential workloads for migration to the cloud in subsequent stages. This includes innovative applications such as PSP payment solutions, for example, and any new functionality such as mobile payments, omni-channel banking front-ends and websites built using standard and widely available software components. This will enable banks to operate their newest service offerings, much like their fintech counterparts, ensuring that their innovative customer facing projects don’t get bogged down in age-old legacy systems.
Which cloud is the best cloud?
However, there is by no means a “one size fits all” approach to which environment is most suitable for a move to the cloud. Multiple public and private clouds have their place. The key is to choose the best execution venue for each application – and operate these under a single hybrid ITmodel.
It’s hard to disagree that the transparency of cost, flexibility and agility offered by the cloud aren’t beneficial, but there is a high-level perception in the boardroom that the public cloud is cheaper than traditional managed hosted systems. However, banks need to be careful to ensure they consider the workload and usage patterns of the operation– as this will all play a part in containing the overall cost. By way of illustration, should a system be running 24 hours a day, 365 days a year, actually only needing to scale up on a particular time of the day, month or year, the usage pricing model can mean this will ultimately cost more than expected.
Security is also a key factor to consider when building a cloud strategy. Public cloud is suitable for workloads that require huge computing power, need to scale at continued pace and have the ability to switch on and off easily, but it can be harder and more costly to secure to the required standard depending on the workloads deployed than private solutions. The latter is consequently more readily used when holding highly sensitive customer data and needing to comply with internal governance and external regulation.
By combining the utility benefits of public cloud with flexibility and elasticity, while maintaining the privacy of a dedicated private environment, a hybrid cloud represents a third way, which offers the best of both worlds. With this, it’ll become increasingly commonplace for banks to require multiple cloud providers, with a strategy encompassing both public and private options. This approach can offer greater flexibility and efficiency, but it will also be a lot for the CIO to juggle. Banks that take on multiple cloud providers should seek to reduce operational headaches by adding a managed service layer and integrated orchestration with a ‘single pane of glass’ approach to ensure the promised savings materialise, and to keep complexity to a minimum.
Preparing for the inevitable
It’s widely agreed that PSD2 will substantially increase the level of competition traditional banks will face from digital alternatives, as they’ll no longer be able to rely on their vast customer data as a point of difference. If they don’t find ways of using the data to their own best advantage, they will miss out on a massive opportunity – PSD2 doesn’t only stand to benefit fintechs, but should be forcing banks to find ways of providing more innovative products for the customer.
By giving thought now to the types of services and data they want to move to the cloud, the type of cloud they want to move it to, and the steps they need to take to make this happen, banks can begin preparing for the inevitable and ensure they retain the agility they will require once the market widens in a year’s time.
“Original publication in Finance Digest Issue 1 https://www.financedigest.com/