A Guide to PSD2

The push for open data to become the universal standard of the financial industry has been heating up over recent years. First codified by regulation in Europe through the Revised Payment Services Directive (PSD2), other regions around the world are taking steps toward their own frameworks that will enable Open Banking platforms to restructure the financial industry at large.

The U.K. has the first implementation of Open Banking in-market, sitting on top of PSD2. It’s important to understand the fundamentals of PSD2 as it serves as a model other regions can reference as they establish their own approaches toward empowering consumers with choice over their financial data.

What is Open Banking?

So what is Open Banking? 

Open Banking, as a concept, is the ability for consumers to choose to share their financial information with accredited third-party providers (TPPs) to create more personalized products and services, thereby creating a more secure and competitive market. Traditionally, banks have been the sole stewards of consumers’ financial data, but through Open Banking, consumers are empowered with choice over who they share their financial data with and how it is shared.

Banks, FinTechs, and other financial institutions are charged with ensuring the safety and security of their consumers’ financial information, and must adhere to permissions as decided by the consumer.

In practice, when a consumer grants permission for their bank to share their financial data with a particular third party, the bank is obligated to do so, and shares the data via application programming interfaces (APIs) so it can be networked across multiple channels. TPPs accept the data, and can use it to deliver data-driven, hyper-personalized products and services that help consumers reach their financial goals.

What is PSD2?

The implementation of Open Banking emerged from the Revised Payment Services Directive, implemented on January 13, 2018.

PSD2 took into account technological advancements and allowed TPPs to access financial data with consumer permission to improve universal security standards, and encourage innovation across the banking industry to deliver consumers better products and services.

Beyond its aim to make payments more secure, the directive creates opportunities for open APIs to seamlessly deliver account information to TPPs on behalf of their customers. Given permission by these consumers to use their financial data, smaller financial institutions and FinTech applications have the opportunity to innovate the consumer experience in the banking industry.

What Financial Data is Included in PSD2?

As a payment directive, only consumer transaction data from payment accounts is in scope of PSD2. So consumers may choose to share their current account, credit card, and other spending account information with TPPs, but not their retirement, investment, or other accounts. As Open Banking evolves, these other types of financial data will be included and lead to Open Finance.

Open Finance refers to the expanded types of financial data consumers can share with TPPs to receive even more personalized products and services that take into account more of a consumer’s full financial picture, not just payments.

As the market leader in data aggregation, Envestnet | Yodlee is helping institutions prepare for Open Finance.

PSD2 Timeline

When PSD2 began rolling out in January 2018, there was a loose timeline established for implementation. This included a period to allow for testing so that new infrastructure was in working order upon implementation. The directive was set to take effect on September 14, 2019, opening data authentication and TPP access, giving financial institutions access to new dedicated open API interfaces.

However, due to delays, most banks weren’t ready as the deadline approached, so the European Banking Authority gave an extension until December 31, 2019. Financial institutions were also granted an additional transition period of one year, ending on December 31, 2020.

PSD2 Regulation

Along with the timeline, PSD2 has a set of regulations that both banks and TPPs must comply with to be in adherence with the directive. To ensure security, Strong Customer Authentication (SCA), a multi-factor authentication system, must be implemented for all remote transactions. However, as the SCA currently stands, banks are applying a “one-size-fits-all” approach across all accounts and not just payment accounts as PSD2 specifies.

This risks significantly interfering with the customer experience and undermining the promise of Open Banking in empowering consumers with choice over who accesses their financial data. For example, requiring consumers to use a single password to give approval for every single transaction where their data is accessed makes for a rigid consumer experience, and exposes them to fraud across all of their accounts.

Calls for improved SCA application requirements to avoid such situations have been made, and resulted in some exemptions that banks can apply to the SCA when processing certain types of payments. Low-risk transactions, payments for a low amount (usually under €30), recurring payments for a fixed amount, phone sales, corporate payments and trusted beneficiaries are a few of the accepted exemptions.

The Open Banking Opportunity

The implementation of PSD2 in the U.K. proved to be challenging for banks, FinTechs, and other financial institutions, with confusion over Brexit and various interpretations of the Regulatory Technical Standards (RTS). The future of Open Banking in the U.K. continues to be debated as a potential PSD3 looms from the EU.

PSD3 would seek to address the pain points experienced by payment services providers during PSD2’s implementation, but the U.K. must consider following it or taking its own approach to ultimately reach Open Finance and make the 10-year vision of the U.K. Strategy for Financial Wellbeing a reality.

The opportunity of Open Banking is closer than ever to being achieved around the globe, and despite its limitations, PSD2 has pushed the envelope toward a global Open Banking environment.

Going Global With Open Banking

Because PSD2 was established with both the consumer and the future of the industry in mind, it has revealed numerous benefits of Open Banking. Open Banking not only encourages innovation in FinTech companies and other financial service providers, it also levels the playing field with established, large banks and financial institutions. The increased competition directly benefits consumers, giving them more access to choices for their financial needs.

Also, processes become more streamlined, personalized and centralized so consumers can make more informed financial decisions at the speed of life. With access to more choices and innovation, consumers will find banking more flexible, convenient and accessible.

The removal of the barriers between banks, competitors, and consumers creates an important connection. It’s through APIs that the aggregated data flows between FinTech companies, banks and other TPPs, solidifying their relationships. This connection will provide a seamless user experience like nothing consumers have used before, and usher in a new era where consumers are more in control of reaching their financial goals.

Open Banking by Region

The second implementation of Open Banking in-market happened in Australia in 2020 through the Consumer Data Right (CDR).

What the future holds for Open Banking beyond the borders of the U.K. and Australia is undecided so far, but America is likely to move forward with an industry-driven approach as opposed to a regulatory mandate.

The table below helps explain the differences between each region’s push toward Open Banking.

[Table: Open Banking by region]