Hogan Lovells partner Jon Chertkow on what the second Payment Services Directive (PSD2) and Open Banking could mean for everyday banking
The way we access banking and payments is undergoing massive changes, driven by the rise of fintech. It, in turn, is becoming so big that the term ‘fintech’ is no longer enough — instead we see the spawning of ‘regtech’, ‘paytech’, ‘insurtech’ and others to describe the changes that are coming.
Much of this change is being driven by:
• New technologies: increased uptake of mobile and contactless; the emergence of blockchain and distributed ledger technology.
• New entrants: the flood of fintech start-ups but also moves into this space by the established, global tech companies.
• Customer behaviours: customers no longer want to use bank branches; instead they want convenience and speed in their dealings with banks.
But what is the role of legislation in innovation? Should it wait for innovation and then seek to regulate it? Or should it pre-empt and even try to enable innovation? Can legislation really drive innovation?
These questions are all relevant to changes that will come into force in early 2018 and which are seeking to enable fintech innovators to make greater inroads into traditional banking territory.
The role of PSD2
PSD2 will require banks to open up their accounts for access by two new types of payment service providers: account aggregators and payment initiators.
Account aggregators already exist and bring together information from different banks in a single place. They allow customers to access, for example, a website or app where customers can see at a glance the balances for each of their accounts — their current account, savings, cards, etc — even if they are offered by different banks.
Payment initiators go one step further and allow the third party to make a payment from the account on the customer’s behalf. They are more common in Europe where they are often used at website checkouts to make a bank transfer rather than pay by card.
While one aim of the legislation is to regulate these existing businesses, by requiring all payment account providers to make their online accounts accessible, PSD2 is seen as an enabler of innovation and a way for new services to emerge.
In the UK, the Competition and Markets Authority is at the same time requiring the largest UK banks to make personal and business current account data available to third parties, if requested to do so by their customers, through Open Banking APIs.
An API or application programming interface is a set of definitions, protocols and tools that allow data to be shared securely between websites. They are commonly used to share information between websites and the intention of the Open Banking API is to allow bank data to be shared more widely. There is considerable overlap (but also significant differences) between the scope of PSD2 and Open Banking.
So what could this mean?
The big fear for the incumbent banking industry is that they become a ‘utility’ provider, giving access to the pipes and infrastructure through which payments are made but with new ‘Third Party Providers’ (TPPs) taking the customer relationship. This can best be seen in the following diagram:
At the moment, the bank has a strong relationship with the customer but when a TPP comes along that relationship weakens as the customer’s primary contact is with their TPP (in this case via a mobile app).
It is similar to the relationship that an airline has with a customer booking through a website such as Expedia — the customer may have a preference for an airline and will ultimately have a relationship with the chosen airline booking a ticket and getting on a flight, but the airline is not in control of the relationship. If another airline offers the same route for a lower price, the customer may choose to switch carrier.
We are already seeing new entrants launching “digital banks” focussing on one aspect of the relationship and seeking to introduce customers to other providers for other services.
At its worst from a bank perspective, banks could be left with all the costs (the need to maintain a branch network, the costs of access to payment systems, etc) but with little of the upside in terms of customer relationships.
Putting the theory into practice
While legislation may make this possible, whether it will really happen in the UK market is much harder to assess.
The real issue is how a TPP would make money. Customers in the UK do not currently pay for their banking services, unless they go overdrawn or have a form of packaged account with additional benefits. That makes it harder for a TPP to come in and charge for a service. While it is easy to see how TPPs could devise fantastically usable apps that would appeal to consumers, would consumers be prepared to pay for them when they could instead log in to mobile banking for free? There is a real challenge there.
There may be tech companies who would be prepared to offer the services for free in exchange for the data they would obtain as a result but that will potentially be a fairly limited playing field. There could also be those who can use this as a cheaper alternative to cards for online merchants but again the number of companies who would be large enough to make that work is very limited.
In addition, there will be barriers to entry. To be a TPP, you will need to be authorised and have insurance against the risk of fraudulent payments. Many tech companies do not want to be regulated, with the associated costs and oversight that it brings so may be put off becoming a TPP. The cost of insurance could also add a material cost to a low margin activity and may make it uneconomic for many business models.
It is also likely that any fintechs that find themselves successful in this area will find themselves very attractive to the very banks that they are competing with. This may lead to takeovers and consolidation of any “winners” into larger banking groups.
Threats from competing legislation
Finally, while PSD2 and Open Banking are potential enablers, there remain many other areas of legislation that continue to hold back innovation, often for very good reasons.
For example, there is an inherent conflict in banking between opening up the system to smaller entrants in order to boost competition and the risks to the integrity of the system that those smaller entrants could bring. It remains to be seen how the legislation would react to a significant cybersecurity issue with a TPP and whether that could lead to additional safeguards being brought in that would in turn restrict access.
Keep watching this space
As a result, it is far from clear whether this alternative vision for banking will come to pass or whether after an initial flurry of fintech activity in this area, we will find that when the dust settles we are very much back where we started.
One thing is certain: it will be a very interesting ride and lawyers will continue to have an important part to play in helping to shape this innovative and evolving sector.