The new European payments regulation –PSD2– will bring sweeping changes to the industry, as it allows third-party payment service providers (TPPs) to access the banks' infrastructure. This regulation will also enable fintech companies and communications operators to join the payments market. How are the banks reacting to this influx of new players? The Revolution Banking 2016 event took up the debate.
According to Álvaro Martín, head economist of digital regulation at BBVA Research: “The banks see the threat coming from the fintech sector, but competition in the area of payments will not only come from the fintech sector but also from communications operators such as Orange, which will offer mobile banking, and from established online platforms like Google or Apple that are breaking into the world of payments”.
Martín noted that the European Commission's new regulation “marks a sea change, as the regulator is usually responsible for consumer protection and ensuring stability. In this case the focus is on generating competition and a wider offer for consumers. This is a significant shift, and we're not sure where it will lead”.
Marcos Alonso, payments practice lead at Capgemini in Spain, said thatthe new regulation represents a “radical change” that will mean that banks have to open up their APIs. PSD2 improves service to the consumer, enhances security, and above all increases competitiveness within the market, as it opens the door to new players”.
Alonso noted that the new regulation introduces reinforced authentication, although the most significant difference is that it allows third parties to have access to customers' accounts, which was previously the exclusive competence of banks.
According to Alonso, banks will need to implement APIs for sharing information with two types of providers. “One will enable us to initiate payments from any online platform, while the other will be more like the ones we already know as aggregators of financial information. We can access the customers' information and offer them value-added services”.
The Capgemini executive said that “to implement all this, the banks need to generate a series of APIs. This is a new field for most banks, which have to move from a very closed environment to opening up their core systems to the open community of developers and to fintech companies” –a change that Alonso described as “radical”.
Álvaro Martín, the BBVA representative, said that “the banks are facing a significant test in terms of implementation”. Alonso believes the banks are facing a twofold challenge: “on the one hand, they need to interpret the directive, and on the other, they must manage the APIs. Banks must control who has access to this information and how they use it”.
Another challenge Alonso highlighted is the business model, which should allow the banks to benefit from the information they are offering third parties. According to Alonso, the banks have two options: they can either act defensively with an API that complies with the regulation and allows the customer's basic movements to be consulted, or they can go one step further and become an account information provider and compete with the fintech companies.
The hardest task for the banks, Alonso added “will be to transform themselves completely, to join an open API platform and publish their APIs so the open community of developers can use them and obtain added value from them. This will enable them to build loyalty among their customers and even offer them services for which they are willing to pay and earn money”.
Martín concluded that the third parties –TPPs– are a delicate issue, as the banks have to offer the information and set up their APIs in a scalable way "They need to know who these TPPs are and how far they're going to draw on the banks”.
This is something that will need to be clarified before giving the green light to the regulation, scheduled for 2018.