It’s now been over a month since the European Commission (EC) published their
package of proposals for the next generation of payments regulation in the EU. The proposals – which will see PSD2 split into a new directive (PSD3) and regulation (Payment Services Regulation/PSR) – have generated plenty of headlines since their release.
But what are the proposal’s potential implications for the open banking ecosystem specifically? And do they have the potential of realising the EC’s stated objective of “improving the competitiveness of open banking services”?
Having now had some time to reflect on the proposals, my thoughts on both these questions are set out below.
Baseline open banking ecosystem functionality and performance will “level up”
The size and complexity of the EU banking sector, combined with differences in interpretation of specific PSD2 requirements, has led to large differences in the level of functionality and performance of banks’ open banking interfaces, both within and between
EU member states.
I’m therefore encouraged by the EC’s proposal to introduce an explicit baseline level of functionality and performance that all bank open banking interfaces will, at a minimum, be required to meet. My belief is that this should help to “level-up” the minimum
level of functionality and performance that can be expected consistently across the ecosystem.
As is frequently the case, however, the devil will be in the detail and the EC has left much of the specifics of the required functionality and performance to be defined in future by the European Banking Authority (EBA) in Regulatory Technical Standards.
At Token.io, we hope that the focus of these requirements will be on improving the quality and consistency of end user experience, in particular for open banking-enabled payments. For example, minimum baselines for end user authentication flows (such as
app-to-app redirection), as well as specific user experience guidelines, would provide a big boost to driving end user familiarity, confidence and ultimately uptake in ‘Pay by Bank’ propositions.
API-based open banking interfaces will become universal
As an API-only third party provider (TPP), it will not be surprising that we at Token.io believe API-based interfaces offer the most secure and performant way for TPPs to interface with banks. API-based interfaces support TPPs in delivering the most innovative,
performant and secure open banking services, which ultimately drives better outcomes for end users.
As a result, we welcome the EC’s proposal to introduce a new explicit obligation for banks to provide an API-based open banking interface. This will remove the current alternative option of enabling open banking access via modified customer interfaces (an
enhanced form of “screen scraping”). While most EU banks already have API-based open banking interfaces, making this standard across the whole EU will further maximise bank coverage as well as the potential customer base that API-focused TPPs can offer open
banking services to. In turn, this will support greater uptake and demand for open banking-enabled services overall.
TPPs will get greater visibility of the underlying status of open banking payments
It’s critical that TPPs and their customers have better clarity on the status of open banking payments once they have been initiated. For example, many businesses will only release goods and services to their customers once they have confirmation that associated
payments have settled into their accounts. Token.io has developed a ‘Virtual Accounts’ solution to help solve this issue for our customers. However, there is still no industry-wide solution.
While PSD2 placed some limited obligations on banks to provide TPPs with information on underlying payment statuses, the EC’s proposals strengthen these obligations. The new proposals make clear that banks will need to provide payment status information
to TPPs both immediately after initiation and whenever subsequent information on the payment status becomes available to the bank.
This development, combined with the EC’s separate proposals mandating the EU-wide adoption of instant payments, will help further unlock the use of open banking payments in wider use cases.
A more consistent and enforceable regulatory environment for open banking in the EU
A hallmark of the PSD2 open banking regime has been divergence in interpretation and implementation of rules between different EU member states. For TPPs operating across multiple member states, this has driven significant cost and complexity, and made offering
consistent pan-EU open banking propositions challenging.
However, the structure of the EC’s new proposals — specifically the shift of most open banking rules from a “Directive” into a “Regulation” — will help drive a more consistent regulatory environment. Unlike Directives, Regulations are directly applicable
in every member state and not subject to transposition into local law, which will minimise and potentially eliminate divergence between member states.
The EC’s proposals also include new elements aimed at improving enforcement activity, including against banks that aren’t meeting the required standards. Further, a list of prohibited obstacles to TPPs accessing bank dedicated interfaces — such as banks
requiring customers to manually provide their IBAN to the bank to use open banking — has also been incorporated directly into regulation. Combined with the explicit baseline described above, these measures should further support in the levelling-up of ecosystem
functionality.
Another step towards a premium API economy
PSD2 has provided, and in future the PSD3/PSR proposals will provide, the regulatory framework for open banking in the EU and the legal basis on which banks are obligated to provide TPPs access to specified open banking functionality on a no-charge basis.
At Token we think the PSD3/PSR proposals have a further key role to play in supporting the emergence of premium APIs, where banks offer enhanced API functionality to TPPs – beyond that required by law – in return for a commercial return.
It is our belief that premium APIs – those built on equitable commercial models, at least – pave the way for higher-quality and more innovative end-user propositions, such as dynamic recurring payments, and in the long term, will support the wider adoption
of open banking-based payment propositions.
The EC’s proposals support the development of premium APIs in two ways. First, the proposals provide a more tangible specification of what specific functionality banks are required to offer to TPPs on a no-charge basis. Second, the proposals explicitly state
that banks are free to charge TPPs for any functionality offered beyond that required under law, removing any ambiguity that may have previously existed.
In summary, the EC’s proposals have the potential to unlock a more consistent, performant and featureful open banking ecosystem, while also helping to lay the path to an even more innovative ecosystem based on premium APIs. We’re excited to support the passage
of the proposals forward into law and to see them start having positive impacts on the EU open banking ecosystem.