Earlier this month, 13 July, marked six months until the second payment services directive (PSD2) comes into effect. At the core of the European directive is the requirement for banks to open their account systems to third parties.
In order to comply, all banks in the single euro payments area (SEPA) must be ready to let licensed third parties plug into their systems through an API to access customer data and financial information in real time. For many banks, becoming compliant is challenge enough. Outdated legacy systems and internal processes are making, what seems on the surface to be a fairly simply request, a huge technological challenge.
It should never have gotten to this point. While other industries have raced ahead in the innovation stakes, banks have been getting richer and richer while remaining stagnant. This is, in fact, the reason for the regulation in the first place.
Among the directive's main aims is an opening up of the payments market to new entrants leading to "more competition, greater choice and better prices for consumers". Banks couldn't go on like this forever – not when almost every other aspect of a European consumer's life is being made so much easier. The banks' burden of legacy IT is, in short, not the customer's problem.
Aside from compliance, banks face the bigger threat of disruption. Suddenly, a host of new options from tech companies and fintechs will be thrust upon consumers. It's unlikely, faced with a plethora of choice, incentive-led invitations and the prospect of all round better banking, that consumers will stay loyal to the banks – unless there is a good reason for them to do so. A recent report from Accenture talks about the very real threat of banks losing customer ownership and insight – the backbone to building any kind of loyalty.
So, since 12 January 2016, when the two-year "warning period" officially kicked in, what have we seen from banks? Perhaps more interestingly, what have we seen from the would-be third parties who'll seek to take advantage of bank API access?
That's not all. The big tech companies, all with millions (if not billions) of dedicated customers, are honing their payment strategies. Right now, they're abiding by existing regulations but are no doubt amassing as much experience and as many users as possible prior to launching their full arsenal come January 2018 (when PSD2 officially comes into effect). Facebook, which has an e-money licence in Ireland, unveiled their first version of financial services in April and Google announced its new payments functionality back in May. This is just the tip of the iceberg and doesn't go into great detail about other tech companies or the myriad of fintechs with smart, proven solutions. So far, so tech company.
What about the banks? Right now, banks in Scandinavia are the only banks in the world to have successfully driven mass-adoption of proprietary mobile payments schemes. More than 65% of the population uses a bank-issued mobile payments system. No other bank in the world (let alone Europe) has come close to these figures.These mobile payments schemes allow any customer from any bank in the region to use the systems and facilitate a really easy way to pay, in most circumstances, and to get paid.
The nature of the systems mean that not only are the banks in Scandinavia ready for PSD2 from a compliance point of view, they've also successfully put in place a strategy that has, to date, kept the likes of Apple Pay and Samsung Pay at bay. Their early readiness has thus far protected them from disruption. This strategy, along with consistent innovation based around the needs of customers, will protect their core business (customers) post-PSD2.
Whilst in recent times, many European disruptor banks have announced their readiness for PSD2 from a compliance perspective, still none – neither traditional retail banks or disruptors – have mirrored Scandinavian banks' mobile payments success.
I believe this is because of a myriad of reasons, but perhaps five core causes:
- Their focus is too internal. While many have launched apps for their own customers, none have created and launched a system that can be used by customers of any bank. This limits widespread adoption and monetisation of the schemes by banks
- The wrong kinds of partnerships. Right now, partnering with Apple Pay – for example – might seem like a smart move, but what does that get banks? Customers using their phones like a bank-issued card. So what? The only thing that'll happen in the longer term is that customers using Apple Pay will continue to do so long after Apple is able to go direct to account and the bank-issued card has been cut out of the equation
- The wrong kind of tech. This isn't just limited to legacy tech, either. All banks launching near-field communication (NFC)-only reliant systems will fail. The technology is the exact same as what you can do now with almost any debit or credit card. It doesn't add anything extra or solve any new problems for customers – let alone allow a bank any new streams of revenue.
- Fear of real innovation (aka risk). Banks have been protected by regulation throughout recent history. Only now will they be exposed to real competition at the service- and product-level. They are not used to operating in an environment where their products may fail – a necessity if they are to renew themselves.
- Closely tied to the aforementioned, payments (ie card issuing) is a major revenue source for banks today, something that has recently been hit by MIF margin cuts. This has put banks in cost-cutting mode, fearing, for instance, any kind of cannibalisation of existing revenues. But this is precisely what they need to do. As DNB CEO Rune Bjerke said: "It's better if we cannibalise our own services, rather than have someone else do it."
So, right now, with just under six months until the single most important payments directive of the last century comes into play, it's looking more and more likely that tomorrow's banks will be today's big tech companies. Banks who wish to prevent this must become more than just compliance machines.
Being compliant with PSD2 isn't enough – it's just the first step in allowing third-party access to account information, in fact. Truly innovative banks will go beyond what is required in PSD2 and provide solutions that their customers (and the general public in their region) need and will love. These solutions will combat all current payment frustrations for both the general public and merchants. They will also provide a new direction and source of revenue for banks in an open banking world.
Daniel Döderlein is CEO and founder of Auka.