For a bank to effectively operate amongst FinTech challengers, it should know exactly what it wants to be to its customers.
With the Revised Payment Service Directive (PSD2) entering into force on 12 January 2016 it is now official: providing payment account access (XS2A) to third party providers (TPPs) will be a requirement for European banks as of 13 January 2018. The exact security requirements for XS2A will heavily depend on the Regulatory Technical Standards (RTS), on strong customer authentication and secure communication channels that the European Banking Authority (EBA) will need to deliver. As these RTS will not be published before January 2017, many aspects regarding XS2A implementation are still unclear.
In this short blog we will cover the basics of XS2A and shed more light on this rather complex matter.
So, here’s what we know
Banks (account servicing PSPs under PSD2) will need to ‘open up’ two types of services: payment initiation services (PIS) and account information services (AIS). Both services require account holder consent and apply to all consumer and business payment accounts that are accessible online. This opening up will enable two types of licensed TPPs to enter the market: payment initiation service providers (PISPs) and account information service providers (AISPs). To obtain a license, these service providers will need to meet less stringent requirements, than e.g. the current payment institution licensees.
For PIS and AIS no contract between a TPP and a bank should be required. In case of disputes over unauthorised transactions where a PISP is involved, the bank remains the first point of contact for the account holder.
Implications for banks
Regardless of the exact content of the RTS, we can already see the following implications for banks. From January 2018, banks will find TPPs offering new services to banks’ account holding customers. Since these services build on the AIS and PIS offered by the bank, these services are very likely to overlap with today’s bank services. This may have implications for the way in which a customer sees and interacts with its bank.
This is most visible for AIS on the account holder – bank relationship, where a TPP could replace existing internet and mobile banking apps. Obvious examples of services in this domain are aggregation services (where account information of multiple bank accounts, held in different banks, is aggregated into one comprehensive view) and account balance services.
For PIS a bank may experience more direct impact on its business model as TPPs can directly compete on product and price with existing payment services offered by banks. TPPs do not require a contract, which seems to imply they are not subject to direct charges from the bank. The implications for PIS are most visible in the ‘acquiring’ or ‘creditor bank’ domain of a bank, where payment services are offered to merchants and banks will, thus, face more competition. This competitive pressure adds to disruption in the ‘issuing’ or ‘debtor bank’ domain, where interchange-based revenue from both cards and alternative payments might be at risk.
Advice to banks
For banks to effectively operate amongst FinTech and bigtech challengers in the PSD2 era, it should know exactly what it wants to be to its customers. Banks need to determine a strategic value chain position that fits the bank’s capabilities and ambitions. This is key to being relevant to customers in the future.