In the UK, the implementation of PSD2 has been divided into two races, with a fast track for the nine largest banks, ordered by the Competition and Markets Authority – hence called “the CMA9”. The CMA9 have had to follow a UK set of standards called “Open Banking” with a capital O-B, developed by the Open Banking Implementation Entity.
There are a further 208 licenced banks in the UK, as well as regulated e-money firms, and a large number of them have retail banking operations which are affected by PSD2 in the same way as the CMA9, but not necessarily having to pick the same standard.
We spoke to Chris Wood, API and standards expert, to try to shed some light on where the UK banking industry currently stands in regard to PSD2, both in terms of the experience of the larger banks and the wider retail banking industry moving towards the era of open banking.
Webinar: “Untangling PSD2”
Hear Chris Wood speak live about PSD2 and open banking in our webinar here: https://info.crealogix.com/crealogix-uk-open-banking-webinar-201906
Sign up to listen live or download the recording.
Has legislation helped accelerate open banking?
In all likelihood open banking would have gradually evolved in the market, but PSD2 has helped to force it into being, not just in the UK but across Europe. Open banking and PSD2 have therefore become inextricably linked.
However, open banking is not limited to the demands of regulation. The future beyond PSD2 is more likely to be shaped by commercial forces and market initiatives. PSD2 is therefore successfully serving as a catalyst to the potential opportunity of open banking.
Have some financial institutions been better prepared than others?
Definitely. The API Economy has foisted change on many other markets outside banking, and has already impacted financial services in areas such as payments. All banks and fintechs could have seen open banking coming before it became a regulatory requirement with PSD2.
Some of the more forward-thinking banks looked not only at the implied threats but also the opportunities of open banking, and embraced the idea of public APIs, giving them a head start. The proactive financial brands are the most likely to reap the rewards of open banking.
Even though the CMA9 are the largest banks, there have been many delays with Open Banking in the UK. Why is this?
There are several forces at work, and in the case of the CMA9 having to deliver to evolving standards has not helped. The regulators and technical facilitators have improved and clarified much in the course of developing the Open Banking standard, but this has meant a moving target in terms of many of the details.
Of course, this was never going to be easy. Banks have notoriously complex internal organisational structures and architectures: being a bigger bank probably means PSD2 is harder, not easier. The mechanics of running a vertically impacting project like Open Banking in large, typically siloed organisations are likely to be underestimated by those working in theory rather than practice.
Given this complexity, were the regulators overly optimistic?
The regulators across most of Europe have largely been divorced from the actual mechanics of implementation, setting deadlines without ever seemingly being cognisant about how the implementation actually happens.
Even though in the UK an appointed body – the OBIE – has led the PSD2 efforts top-down, the role of the regulator – the FCA – has been laissez faire at best.
There’s a lot of areas requiring interpretation in the regulation, creating a need for legal departments to pore over the standards to assess compliance – often going back to the regulators for clarification. In other words, it’s not just about technical challenges for developers and IT administrators to solve, but about collaboration between a much wider variety of stakeholders and skillsets, and this hasn’t helped the implementation timetable.
If the CMA9 have found PSD2 hard, won’t smaller banks and building societies have an even bigger struggle to comply?
Not necessarily. Smaller banks and building societies that are not part of the CMA9 can choose a path that fits them best, including whether to adopt the UK Open Banking standard at all – or create their own APIs from scratch, with reference to the regulations that stand above the standards.
Not all of the smaller banks are technically challenged: there are a number of tech-progressive banks with relatively new infrastructures and close-at-hand development teams. Mobilising teams to complete the end-to-end PSD2 implementation in environments like this is more straightforward.
With this is mind, it’s fair to say that smaller banks and building societies – with the right mindset and focus – can actually deliver more easily on PSD2.
Will PSD2 compliance efforts across the industry deliver what was originally intended – i.e. a more competitive market?
For any bank – large or small – differentiation is key. Smaller banks have the opportunity to bring original products to market by taking advantage of their relatively nimble architecture and development teams.
PSD2 puts everyone on an even playing field, so to differentiate each bank, building society, or e-money firm will need to advance beyond that minimum set of capabilities. By taking steps from the current, regulatory-driven APIs towards product-focused APIs that driven by commercial imperatives, smaller banks will be able to make a splash in the API Economy.
Chris Wood is an independent API architect, developer and writer who has worked on a wide variety of projects in financial services. He has recently contributed to the UK efforts to build PSD2-compliant API standards, both on the HSBC team as a technical architect, and for the Open Banking Implementation Entity as API architect and standards author.
Connect with Chris on LinkedIn here: https://www.linkedin.com/in/chris-wood-8909362a/
Disclaimer: opinions stated here do not necessarily reflect the views of CREALOGIX or any other firms.
Find out more about CREALOGIX solutions for open banking APIs, visit: https://crealogix.com/uk/products/crealogix-public-apis/