A new era of Banking has begun

A decade or two from today, we might look back at the 13th January 2018 as a date of historical significance for financial institutions across Europe. Payment Services Directive 2 (PSD2) is in effect from today. Also, the UK Open Banking is in force for the top 9 banks across UK and Ireland. For once, ‘exciting’, ‘innovative’ and ‘financial regulations’ can be used in the same sentence. These regulatory changes will create a transparent and open market to foster innovation, put the end-user/ the account holder in control of how they want to use some of the banking services.

In a nutshell, under the PSD2 provision, a bank account holder can allow a third-party-provider (TPP) to:

  • Access their account information and transactional data (things we see on our bank statement)
  • Authorise and initiate payments from a bank account without using long card numbers or issuing schemes. For example, in an ecommerce transaction, there will be a choice to ‘pay direct’ in addition to credit/ debit card.

Financial institutions are having to open up their core systems of record and platforms to the regulated TPPs (but potentially unknown and untrusted by the institution) and treat them without any discrimination. TPPs do not need to enter any contractual relationship with the bank and they can access these systems – most likely via APIs (application programming interface) at no cost. They do, however, need to be fully authorised by the regulator for the services they want to provide in their respective markets. A bank can also play the role of a TPP as well.

With all the changes happening, I thought it might be fun to explore what a TPP can really do with the data. What the art of the possible might look like and, as a result, how the industry might evolve. In pursuit of this goal, I took my own banking data and performed very rudimentary analysis. I am not a data scientist by any stretch of the imagination but here are the dots I joined and conclusions I drew based on very limited data I had access to.

Types of transactions

  • Scheduled and Regular Payments via standing orders and direct debits
  • Regular but unscheduled payments. For example, meals I might buy at or near work on a weekday
  • Irregular payments. This includes impulse purchases, holidays etc.

Transactional data

Payment Type Metadata Inferred Data
Scheduled and regular Payments · Utility payments

· Mortgage or rent

· Weekly shops in supermarkets

· Transfers into other saving or current bank accounts

· Income and sources

· Number of bank accounts held

· Other Banks and Financial Institutions I have accounts with

· Number of standing orders and direct debits

· Any charges paid on the account either in form of product fees and charges

· Types of savings I have (ISAs, Savings account, pensions etc.)

· Other properties held

· If I am an employee or a business owner

· Employer’s names and locations

· Shopping habits including locations, shops/ brand-affinity, online/ offline

· Utility and service providers and the specific utility plans/ products I have subscribed to

· Size of the house

· Specific products purchased or subscribed to e.g. Amazon Prime, Netflix, BT, Sky, magazine subscriptions, professional memberships

· Charities supported

· Car(s) owned

· Eating habits based on categories of restaurants, frequency, locations, amounts spent

· Hobbies – regular club membership payments or, equipment shops.

· If I have children and potentially determine their age.

· Preference for using banking services. For example, number of transactions conducted in-branch/ online/ mobile, style of payments (Chip-and-Pin, Contactless, Apple Pay)

· If I travel overseas and my spending habits when I am overseas (do I use cash/ preloaded cards, do I buy cash at airports etc.)

· How much cash do I use

· Digital savvyness; do I use disrupters – Uber, Airbnb, robot-advisors etc.

· Long term medical illness

· Branch using habits (payments made in branch)

· Taxes paid

· Loan and mortgage repayments.

Unscheduled but predictable payments · breakfast, lunch, coffee purchased

· Impulse purchases

· Gardening/ window cleaning services used

Unscheduled and unpredictable payments · Holiday purchases

· One-off purchases (DIY stores)

Style of payments · Cheque

· ATM

· Debit card

· Credit card

· Contactless

· Apple/ Android Pay

· Chip and Pin

· In branch

· P2P payment

· Mobile payments

· In-App payments

· Bank GIRO

This analysis demonstrated that the metadata will reveal personal and sensitive information about individuals and families – and could be argued that it is more valuable than individual transactions. And to do this at scale, using algorithms, can enable a TPP to mine this data and create value for the customers. Also, if a TPP is an aggregator (known as an AISP) and a payment initiator (known as a PISP), they can combine additional data and metadata to enrich information and the confidence in it. For example, a bank may not provide full description of a transaction but it may be available to a PISP as they work with merchants to initiate ‘request to pay’ requests.

A TPP can generate and deliver meaningful value to retail customers and creating offerings for B2B buyers as well. Here are some examples:

Creating value for retail customers

Providing guidance/ nudges to help individuals identify financial and non-financial products that are suitable, affordable and better value for money for an individual or, a family. The end goal here will be to help people be better off over time; help them make better decisions based on facts and data rather than emotion. For example:

  • Current accounts that provide similar feature/ functions, better terms (which end-customers generally do not read) and has no monthly fee.
  • Help avoid overdraft fee and charges by giving early notifications when an algorithm predicts the user to go into overdraft as scheduled payment might push the user into an overdraft. Suggest other accounts where money could be moved from temporarily and make it happen in a click.
  • Find “moments” to provide achievable tips and financial education; for example, how to improve credit ratings, or long-term savings for children, or showing how just saving little amounts can result in large savings in the long-term
  • Build and link key life events with financial events such as going to university, getting married, buying a house, buying a car, having children and so on. Giving nudges to save early and at the right ‘moments’.
  • Financial/ Budget planning tools – showing families how much they would save if they were to use alternative products from the same supplier (e.g. fixed rate rather standard rates for utilities) or, by leaving certain vendors covering utilities, media and entertainment etc.
  • Add loyalty points for every shop where the customer may have forgotten to swipe their points card.
  • Manage purchase receipts digitally and help people do their expenses.
  • Help get refunds from retailers, travel and transport companies
  • Micro-lending at the point-of-sale; this could be particularly useful for individuals with low credit rating and who do not have a credit card (more on this in another blog).

Creating value for business customers:

Here are examples of offerings, products and platforms that a TPP may be able to create for the B2B market:

  • As a PISP, a TPP can build a new payment gateway that can process ‘direct from bank’ payments in ecommerce transactions and in-App purchases. For example, a supermarket could embed the new payment style in their mobile app, shoppers can scan and put items in the basket and checkout directly from their mobile. No need to queue and reduce cost of processing payments at the same time. Retailers, Travel and Transport, Holiday companies are likely to be the biggest beneficiaries of direct payments.
  • Over time, as significant number of users join a TPP, they will be able to derive trend and demographic information at a street, borough, city and national level. Hedge funds and investment managers might be interested in this data to give them insights into how much, where and what people are spending money on so they can take these ‘alternative’ data points as inputs in their investment decision-making engine. Similar systems have been making their way into the industry.
  • A new alternative for credit ratings. Most people do not know how credit ratings work and/ or how to improve them. With visibility to transactional and granular data and the metadata, a different type of credit rating engine could be developed – particularly for the ‘underbanked’ segment of our society and those with poor ratings for no fault of their own. A retailer, for example, may be interested in using this type of credit rating to offer micro-loans to customers.
  • Better fraud detection. Most banks have at least one payment fraud engine; however, these systems generally rely on a user’s past behaviour with the bank or rules set within the boundaries of the bank. With access to user’s activities from across multiple banks, the user profile could be richer and the false positives ratio can be dropped further. Thereby enhancing customer experience.

With all the excitement, we must not forget the challenges that come. TPPs must treat the data and the insights that they can draw with care and attention it deserves. Moral and ethical discussions ought to be held and standards need to be established to ensure that the data is ultimately used for the benefit of the end-user without the creepy factor and product sales agenda. More needs to be done to educate end-users about PSD2 and how new types of services that, we haven’t yet seen, will be created. As without mass adoption, the innovation and value will not be financially rewarding for TPPs.

Despite its imperfections, I am excited about PSD2 and looking forward to what the next iterations of the regulations will enable. Combined with similar initiatives in other industries, I am excited about the possibility when all of us are in complete control of our data and that it cannot be stolen or impersonated. We can choose to share our data with whomever we want – in exchange for value. It becomes a valuable commodity we can trade.

3 reasons why PSD2 will not revolutionise financial services

Since its announcement in 2015, European Union’s Payment Services Directive 2 (PSD2) has become the most debated and discussed topic at conferences and board-rooms around the world – well beyond the boundaries of the European Economic Area and the Financial Services Sector.

For an introduction to PSD2, see PSD2 101 but at a high-level, PSD2 enforces financial institutions to deliver the following capabilities:

  • Open access to account information (everything you see on your statement).
  • Allow access to payment services via APIs. This includes receiving, sending and checking status of payments in flight.

Under PSD2, account owners can authorise one or more third parties for either or both capabilities in return for potential value-add-services. For example, allowing a third party to access account information means that, particularly in the scenario of multi-bank/ multi-account individual who currently uses different apps from different banks/ product-type to check balances and transactions can use a single app. Similarly, allowing a third-party to initiate payments directly from the bank account without using long-card numbers has its merits.

PSD2 appears to create a level playing field for all market participants. It is democratising customer data held by banks (with permission) and gives customers choice in how they use some banking services without necessarily using their banks. However, there are some fundamental challenges that will prevent PSD2 to be as ground-breaking as it could have been. These are:

1. Customer Education and Motivation

There is little to no effort being put in to generate awareness about PSD2 that a person on the street can understand. Buyers need to understand the differences between current mechanisms to make payments and the new direct-from-account style payment in the post-PSD2 world. Pro-and-Cons need to be articulated in very simple terms so it is clear to all age groups and backgrounds. PSD2 can benefit the underbanked segment of our society who do not have credit cards and often only have ATM cards that can only be used in certain high-street stores. Being able to pay directly from the bank account will enable them to participate in eCommerce and potentially get better deals.

Similarly, businesses who accept payments from customers need to understand the alternative way to accept payments electronically. They will need to work out how to integrate PSD2 style of payment in their customer journeys. Some retailers with physical stores may also want to offer this style of payment to customers in store via an app for convenience. Currently, other industries appear unaware that these changes are happening in the payments industry. Clearly, incumbents who provide card processing systems to these businesses, may not be motivated to explain the alternative payment option due to the risk of cannibalising their own revenue streams. Fees for processing PSD2 style payments are capped at 2bp (2p for every £1) compared to 1–4% (depending on the scheme) that businesses may be paying today. This can be significant reduction in cost – particularly for those with large volumes of card transactions. In recent years, we have seen several retailers disputing interchange fee and taking legal action. PSD2 may force schemes to lower their fee and increase focus on B2B value-added services and customer loyalty.

As we have seen from the UK’s current account switching service, it takes times for consumers to trust and use a new service even if it benefits them. Launched in 2013, after continuous campaigns across TV, Ratio, Newspaper and online, as of May 2017, at the time of writing this blog, only 3M current accounts were switched using this service. Some people in the industry would regard this as a failure. An estimated £800m have been spent on the scheme so far.

Also, just because there is an alternative way to pay, does not mean that buyers will use it. Using a card issued by a major scheme does have its merits – fraud protection/ loyalty/ concierge to mention a few. Also, to pay direct from your account, the buyer will need to have cleared funds in their account. A credit card issued by a scheme can act as a short-term buffer for many. Whilst retailers would benefit the most from PSD2, they are unlikely to pass on any cost benefits to the buyers – further deter a buyer from paying direct.

2. Universal” APIs and Data Model

Approximately 4,000 financial institutions across EEA are affected by PSD2 and need to expose access to account information or, both account information and payment services via APIs. With no universal standard across EEA (except the UK), all institutions could comply to the regulation in their own way. For example, to comply there are likely to be 6 – 12 APIs. For example – validateTPP, getAccountInfo, getAccountTransactions, getCustomerInfo, initiatePayment, checkPaymentStatus, registerCustomer, checkConsent, unRegister, etc.) there could be at least 4,000 x 6 = 24,000 APIs. And, if we assume that each API will have three versions – current, new and old version for interoperability/ support reasons. This creates at least 24,000 x 3 = 72,000 APIs. Anyone looking to create a universal payment app, or an aggregation app will be consumed by the mammoth task of integration.

Therefore, this may create further fragmentation and oligopoly. In the UK, there is a slightly better environment. UK’s Competition and Markets Authority, is setting those standards and at least 9 UK banks will adopt those standards with a hope that the rest will follow. See these standards here – https://github.com/OpenBankingUK/opendata-api-spec-compiled

Without a consistent, standard API and governance model – this will be a spaghetti mesh of complex integration touch-points and be counter-productive to innovation in the industry and potentially put off new entrants. Several FinTechs in Europe have started a campaign claiming that PSD2 will force them to be dependent on banks. For more details, visit http://www.futureofeuropeanfintech.eu

3. Additional Competing Regulation

Shortly after PSD2 comes into effect, in May 2018, General Data Protection Regulation (GDPR) will be in force. GDPR is a cross-sector regulation that puts more responsibility on data controllers (a retail bank, for example) and processors (an AISP, for example).

GDPR gives customers the right to ask a service provider (bank, retailer, insurer etc.) what data they have about them (data access), request to be forgotten (data erasure) or, port their data to another financial institution.

For a financial institution, it includes physical letters/ emails a customer may have sent to the bank, phone calls that may have been recorded, externally sourced data and interaction/ product/ transactional data. Discovering these data sources, making them accessible in a safe and secure manner is a grand technical challenge.

In context of PSD2, a third-party accessing customer data even with their consent, needs to comply with GDPR. They will need to tell the user what data they are gathering, for what purpose, for how long will the data be kept, who is it shared with and what processing is done on the data. In addition, they must refresh consent every 90 days. Complying with GDPR is onerous and resource intensive. Non-compliance penalties are hefty –   20M Euros or, 4% of annual worldwide turnover.

Onerous nature of GDPR will deter new entrants and new services. Particularly from large financial institutions until they have fully understood the implications of GDPR.

 

Summary

Open Banking and PSD2 has the potential to transform the Financial Services Sector across Europe and beyond. I view this as a once-in-a-lifetime opportunity to shape the future of Finance. The affects are also far reaching. Financial institutions from as far as Japan, Australia, South Africa are already expecting a PSD2-equivallent in their geography. Accepting the inevitable, many organisations have already engaged with their regulators and industry bodies to influence and shape their thinking. However, all eyes are set on Europe for the next few months.

Due to the reasons explained above, I believe that it is very unlikely that PSD2 will have a major impact soon after its implementation deadline for the following reasons:

  • Lack of Europe-wide standards for Security, Data and APIs (in that order) will hinder innovation.
  • Financial institutions will focus on compliance and will not fully embrace the spirit of PSD2. Additional risk and liability requirements only underpins this.
  • Educating the consumers will take much longer than anticipated and much to retailers’ dismay, consumers will not have strong motivations to pay direct.
  • Schemes will enhance their customer protection, fee and loyalty programmes.
  • Lack of understanding of GDPR and its implementation will delay the introduction of value-added services.