BANKING

PSD2 and banking compliance

PSD2 and banking compliance

By Martin James, Regional Vice President, DataStax

Martin James, Regional Vice President, DataStax

Martin James, Regional Vice President, DataStax

Always look on the bright side: how banks can make PSD2 into an opportunity, not a hindrance, based on the value of data

When the European Commission’s revised Payment Services Directive (PSD2) is enforced, it will completely change a market that has in many ways stood still for years. While other industries have adapted and embraced technological innovation, banks have only done so in areas where they can build on top of their legacy systems, applications and processes. Alongside this addition of more technology, there has been reluctance to change.

For many years, banks cited the cost and risk of moving to new platforms from their existing, siloed IT environments as too high. However, this is having a detrimental effect now, as customers aren’t able to get a comprehensive picture of their accounts, or benefit from new services as quickly.

The advent of PSD2 presents these banking IT teams with an opportunity to change all of this. After all, PSD2 was designed to expand the payments market through boosting consumer protection, choice and accessibility. By enhancing the security of payment services and stimulating new market competition and innovation, consumers should benefit.

However, the opportunity here comes against a backdrop of more market competition and new entrants from the technology space. Traditional banks will have to compete with challenger banks that may have a head start in both complying with the directive and exploiting any changes that comes as a result of this. Similarly, new niche fintech suppliers will be ready to finally get access to data that has been held – and monopolised by banks for a number of years. Behind these smaller companies, the big Internet players like Facebook, Google and Amazon stand poised to enter the banking sector too. In addition, consumer expectations are being driven not by their interactions with other banks but by their experiences with everyday innovative applications like Netflix, Uber and Starbucks.

The impact of all this means that banks are competing with far more companies than ever before for customer attention, trust and loyalty. Banks have already learned lessons around customer experience from consumer applications and new fintech market entrants; however, PSD2 will mean that those lessons have to be used.

Prepping for PSD2

Compliance with PSD2 is not optional. Banks have to implement support for new payment systems, and availability of customer data. They are required to provide regulated third party providers with access to accounts based on the customer’s consent. This data includes transactions, balances and payment initiation, which would provide a thorough record of what the customer buys as well as their financial relationships. The third parties themselves are separated into Account Information Services Providers (AISPs) and Payment Initiation Service Providers (PISPs).

Both will be vying for access to the customer data that the bank hosts. The method for delivering this data is through application programming interfaces (APIs) that bypass merchant acquirers and payment processors, and connect banks, retailers and customers directly. Crucially, banks don’t have a choice about opening up their APIs. It is mandatory for any company that hosts current accounts. This means that an AISP can, on request through the customer, retrieve information from that customer’s account and use that information for analysis. PISPs will be able to be paid instantly when their request is approved through the API implementation.

However, while it is mandatory, it has not been an easy process for banks to implement. This is because customer data – which is the core asset within PSD2 – can be spread widely. For a customer with multiple accounts at a single bank, each set of account data will be spread across different silos of IT infrastructure, through a number of different systems and applications that don’t necessarily ‘talk’ to each other. For customers with accounts at multiple banks, each silo of data is held by competing companies that would all love to take that customer from each other. To make API access a reality internally as part of core banking applications is therefore an arduous and expensive process.

Instead, banks can support API access as part of a data management layer. This would effectively bring these disparate systems and applications together, translating API requests of data, and enabling them to be passed through to the central mainframe application. Much like cloud computing, an API management layer is scalable and flexible, meaning that it can cope with varying demand for API requests, without having to add more workloads to the central infrastructure. In turn, the impact on central banking applications is reduced, and payment requests can be prioritised.

What does the availability of data to third parties mean for the banking business model?

There’s likely to be a flurry of new market entrants who will be seeking to disrupt the payments market by using data in new ways. If they’re offering customers new insight, services or products by making better use of real-time data to affect customer interactions in the moment of engagement than other existing banks currently do, it’s likely that customers will flock to these new providers.

This will give banks less control over the experience the customer is getting, and potentially damage the perception of the bank as an organisation that can merely offer the basic, traditional services, rather than new, innovative services that make a significant difference to a customer’s life. Perhaps most importantly, it can lead to customers no longer feeling attached to any particular bank. While they still need banking services, do they need a bank to provide them?

So what can banks do to react? Much will depend on whether the bank wants to stick to traditional banking services, or look at new business models going forward and learn from these new market disruptors. Banking management teams will have to consider the type of experience they want to offer to customers, the processes they will have to implement to achieve that experience, and the back-end technology needed to support that experience at scale.

Some banks accept that they should concentrate on specific market areas and focus on them, working with other providers who are better suited to the other areas. Likewise, some are merely doing the bare minimum to ensure they comply with PSD2 and adopting a “wait and see” approach around what services customers really want. This approach can save wasted effort with building new applications or services that don’t achieve growth targets; however, this is at the expense of some customer churn.

This approach may be suited to smaller private banks that have long and often deeper relationships with their customers, but it is a big risk for high-street banks. If banks don’t take the opportunity to implement new system architectures and compete from the start with new market entrants, they’re likely to see their customers switching to providers that do. Of course, this may be a lengthy process – it isn’t always clear to customers what the potential upside of changing their banks or providers is, but over a number of years this will become clearer, as the banks who do update their processes will be able to adapt and offer services to compete with new entrants, while those that don’t will have to start from scratch.

For all banks and financial service providers that have to comply with PSD2, business processes and IT architecture both have to be re-architected so that new services and products can be provided through the bank directly. This isn’t a small change that requires the IT department to deliver services that are ‘a little bit better’ than what exists currently; instead, it requires a step change in capacity and capability that affects the whole organisation from end to end.

Dealing with customer data

If banks do manage to group all of their data together and use an API management layer to good effect, they will be able to reap the rewards from building value from the data they hold. This includes using the data created by customers’ account activities alongside external information on those customers. By looking at various customer groups and analysing their activities over time, it’s possible for the bank to build up contextual insight into how customers respond to market circumstances and offers. In addition, banks should use customer data in real time, and deliver more useful customer engagement while interactions are taking place.

Traditionally, banks would have complete control over that customer data, but PSD2 enables third party providers to get this insight too. This means banks now have the challenge of being able to do more with that data, sooner, in order to maintain the same competitive edge.

Banks need to be able to embrace the competition, while leveraging API integration and their existing customer relationships to develop a self-serving ecosystem that centres on their own banking services. The path they choose now will affect the trajectory of their entire business; taking the easy route may have damaging implications in the years to come, but taking the more thought-out route will enhance customer experience. In turn, this can keep banks at the forefront of their industry and ahead of competitors.

To Top