PSD2 will bring under regulation financial technology companies that do not enter the flow of customer funds, a development that some industry players will welcome, while others will strongly oppose. John Fernandez, PPRO Group, Jakub Grzechnik, PKO Bank and David Parker, Polymath Consulting, take a view
John Fernandez, senior legal and regulatory counsel, PPRO Group
Since the first Payment Services Directive in 2007, advancements in payment technology have continued at rapid pace. Authorising payments via mobile solutions such as Apple Pay, wearable technology or fingerprint recognition have become viable options for consumers at point of sale (POS). Similarly, in the online world, consumers are able to access services that utilise bank account information such as transaction history or their ID to simplify account switching, or to initiate payments from their bank accounts from outside of their online banking ecosystem. This latter field of innovative technology providers – known as "Payment Initiation Service Providers (PISPs)" have quietly established a niche presence within several European markets. So much so, that the European Commission has directly flagged them for inclusion within PSD2.
PISPs are largely FinTech companies that have taken the opportunity to expand in markets where traditional online forms of payment such as credit cards are not prevalent. PISPs have developed payment technologies which allow consumers to make payments online by providing their banking login credentials to a PISP in a secure manner, in order to initiate a payment from their bank account. PISPs provide a low cost manner for consumers to make payments while affording online merchants a method of payment that is secure and not subject to chargebacks. For the most part, these schemes have largely been operating outside of the sphere of direct regulation, however, PSD2 is set to change this course and bring these entities under the umbrella of financial regulated firms.
So what does this mean for these innovators?PISPs will need to prepare themselves for an application and authorisation process with their domestic regulatory authority before being granted authorisation as a payment institution in order to offer their services. The application will include providing a programme of operations, business plans, descriptions of governance and internal controls as well as security policies. These entities will not be permitted to hold consumer funds and will need to obtain professional indemnity insurance.
The major positive is that these firms will have an official legal framework in which to operate. Banks will no longer be permitted to draft consumer T&Cs which forbid their customers from sharing login credentials in order to authorise payments. Nor will banks be able to shut out PISPs from accessing accounts other than for "objectively justified" reasons related to fraud or unauthorised access.
Threat or promise?Many banks may find the increased scope of PSD2 a threat or challenge to their incumbent market position. However, on the contrary it should be viewed as an opportunity to create synergies between fintech and banking in order for financial service offerings to further evolve. Fintechs are typically smaller, more agile businesses that can act quickly to take advantage of new opportunities, and this will certainly take place. Banks should actively seek out key partnerships with fintechs in order to leverage the market opportunity they present.
From January 2016, EU regulatory authorities will have a two-year time frame in which to implement PSD2 on a domestic basis. Despite the additional compliance overheads associated with operating in the regulated sector, innovators will be brought into the regulatory spotlight and this should open many doors in terms of creating awareness within markets and improving customer uptake. Twenty four months within an existing business may seem like a long time, but forward planning and effective preparation will be key to surviving the payments evolution and transition into the regulated arena.
Jakub Grzechnik, head of mobile and internet banking, PKO Bank
We are deeply concerned about PSD2 but at the same time we are familiar with the theme of the whole retail banking revenue stream being cut up by fintechs that are taking chunks of retail banking and building their own businesses on it.
It’s just that after PSD2 the fear is we will be left only with the cost and process of brand current accounts and all the profits will be taken up by the other small fintechs.
It is a possible scenario but we are trying to create such a strong experience for the customer: an integrated, multichannel experience, that the ‘stickiness’ customers have will make it difficult for all the start-up players and all the competitors to get those profitable opportunities.
Just look back at our history. mBank is a formidable competitor but even still, PKO Bank, as an incumbent and as a traditional institution, have managed to retain our market share and remain the top bank in the country.
We are all big banks trying to create a customer experience, good enough for the customer so that the customer is too lazy to go elsewhere.
David Parker, CEO, Polymath Consulting
The real issue for many banks is that with the open API’s coming in under PSD2 many of the legacy platforms will have significant challenges delivering on the regulatory requirements for data access.
PSD2 will not marginalise card payments; any intermediary processing the payment between retailer and bank is going to have to provide the infrastructure for a lower cost than 0.2% of the transaction, or 20 basis points that is now being charged on cards. This is certainly going to be challenging!