The changes introduced by the second iteration of the Payment Services Directive - better known by its acronym PSD2 - will bring about some of the biggest changes to retail banking we will ever see in our lifetimes.
However, as we pass the deadline for EU member states to bring their legislation into line with PSD2, which falls on 13 January 2018, don't expect to see things change overnight.
It's actually now becoming clear that many large banks - and even some Central Banks - are completely unprepared for PSD2. While some have been ensuring that they are doing the bare minimum to comply with the regulation, most haven't yet put themselves in a position to really make the most of the opportunities PSD2 brings.
Broadly speaking, PSD2 has been designed to usher in a new age of 'open banking', where innovative online and mobile banking services far beyond what we are currently used to will be available to regular customers. Competition in the financial services market will be less in favour of the traditional 'big' banks, with a more even playing field for the newer market entrants such as so-called 'challenger' banks and fintech startups.
The deadline that passed on 13 January 2018 is the point at which EU member states have to enshrine the principles of PSD2 in law; but in terms of the changes that customers will see there is very little that will be immediately noticeable. Indeed, one part of the regulations - the Regulatory Technical Standards (RTS) on payment security - won't actually become applicable until 18 months later in September 2019, so it's clear that rather than changing things overnight, PSD2 is going to have a considerable bedding-in period.
Some countries have been quicker than others to embrace the changed regulations. To take the UK as an example, the Competition and Markets Authority (CMA) ruled that the nine biggest UK banks should allow licensed startups direct access to their data in August 2016. Indeed, the UK has been one of the pioneers in open banking, with the Open Banking Implementation Entity (OBIE) confirming that open banking for current accounts will begin on the deadline date with a managed roll-out due to be completed in March 2018.
But banks and governments elsewhere in the EU are not yet so ready for PSD2. Research published in December 2017 by PwC paints a grim picture. Having spoken to 39 senior bank executives in 18 European countries, PwC found that only 9% were PSD2 ready, even though two-thirds of respondents anticipated that PSD2 would affect all of their banking operations.
One of the most significant parts of PSD2 is the Access to Account (XS2A) stipulation, which means that banks will now have to be in a position to open up their customer data to third parties on request - whether these third parties are their direct competitors, challenger banks or nascent fintech startups.
To comply with the regulations, the banks need to create APIs (Application Programming Interfaces) which are effectively digital gateways that third parties can use to access the customer data. This is effectively the bare minimum that banks should be doing to meet their new obligations under PSD2. But this would be a risky approach. Banks would be no more than mere infrastructure for customers' financial activities, and they would miss out on direct interactions with these customers. This would likely mean there would be fewer upsell opportunities, while it would also reduce loyalty levels among customers.
Therefore, a different approach is required. There is a massive opportunity for banks that are prepared to do more than the bare minimum. For example, if they not only create the APIs required to enable third parties to access customer data, but to build more APIs for highly advanced banking functions such as instant SEPA transfers, and charge third parties to use them.
While this additional revenue opportunity is welcome, banks can go further still. PSD2 might mean that a bank has to open up its customer data to third parties - but it also means that its competitors have to do the same thing. So, banks that are prepared to build take a leaf out of the book of innovative fintech startups and build digital services that really impress users can win the hearts and minds of customers - not just their own, but those of their competitors too. By using the APIs that their competitors are obligated to provide banks can put themselves in a strong position to take full advantage of PSD2 and the open banking world.
There are some banks that look set to take advantage of the PSD2 regulations, but these have already been putting in a lot of hard work. They've been doing things like creating innovation labs, partnering with innovative tech startups and incubators, or creating a community of developers around their banking platform. Those banks that haven't yet started this process and have satisfied themselves with mere compliance with PSD2 will lose out.
While PSD2 only directly affects Europe, banks in other parts of the world should be taking note. The era of open banking is being ushered in, and while there may not be any similar regulatory obligations in the rest of the world yet, customer expectations will be raised by the financial services Europe is set to see in the coming months.
But the best open banking-inspired digital products and services are still most probably several months away - we certainly won't see them immediately. Those who are first to market, though, stand a good chance of being the true winners in a post-PSD2 world.