TrueLayer: PSD2 – Does Europe need a single API standard?
Following European CommissionIn its recent review of the Payment Services Directive 2 (PSD2), which ended on 5 July, many in the industry are seeking answers to the question: where do open banking services go from here?
In light of the review, Andrei Cazacu offer Fintech Times a complementary answer to this question.
Cazacu is the EU’s political leader TrueLayer. Before joining the open banking platform, Cazacu was senior policy manager at United States Chamber of Commerce‘s affiliated company in the United Kingdom, which covers financial regulation dialogues between the United Kingdom and the United States, data protection and cross-border data transfers. He also worked as a social worker in Brussels.
Here, Cazacu explains why a common standard for Europe does not guarantee API consistency, but how the focus on open banking implementation can:
After one recommendation from European Banking AuthorityThe industry is now discussing whether the introduction of a single API standard is the key to reducing fragmentation and improving open banking.
Before we dive into that, it is important to recognize that PSD2 has been transformative in several ways:
- PSD2 began to level the playing field: By supporting dedicated interfaces to initiate payments on behalf of consumers, PSD2 lowered barriers to entry for new vendors. After open APIs were introduced by banks, there was a sharp increase in market entry. Today, there are more than 500 authorized companies offering open banking services to customers across the EU, up from just a handful before PSD2.
- PSD2 has stimulated innovation: PSD2 combined AIS access to transaction data and PIS capabilities for third parties to initiate a payment. This has led to an explosion of innovation, where companies can combine payments with data to create powerful utility cases, from user verification and reasonableness checks to seamless customer onboarding.
- PSD2 has made payments safer and more secure: Where PIS payments are used to pay companies, they can replace manual bank transfers and prevent misdirected payments and fraud. From the very beginning, open bank payments were required to use Strong Customer Authentication (SCA) for initiation, making them difficult to target for fraudsters.
However, experience has shown that defining a common API standard does not guarantee API consistency, and may not be the right way forward for the EU’s open banking ambitions. When considering where we are going from here, we need to consider three critical questions:
- Do we need a single API standard in the EU?
- Will the rules be applied more consistently?
- Will we finally receive limitless instant payments?
Do we need a single API standard?
A major debate is whether the European Commission should recommend or mandate a single API standard.
PSD2 requires banks to meet certain criteria for their open banking interfaces. Due to this, several standardization bodies were created, including Berlin Group, STET and Polish API. Their role is to develop specifications for APIs – the technology used to develop dedicated interfaces.
But the implementation has so far been left to individual banks. The term ‘API standard’ is actually inaccurate. What we have are a number of technical specifications, but little coordination around how they are implemented and how well they perform.
This causes the same APIs to be implemented and work in different ways. Even within the same standard, we see differences in how the banks interpret and implement it. In turn, open banking providers must process each API on a case-by-case basis. In other words, there is a significant difference between having a standard and ensuring that the same standard is implemented in a standardized way.
But a common API standard is not necessarily the answer.
First, there is a lot of innovation that helps to solve some of the open bank fragmentation. An example, although it may be unintentional in PSD2, is API aggregation. This is where fintech companies specialize in connecting to banking APIs, and creating a simple API that other companies can connect to.
This allows other regulated open banking companies to focus on innovative user proposals, instead of maintaining a banking connection. The market for both API aggregation and consumer services is very competitive and works well.
Secondly, there is a lot of valuable work and expertise within the current standard bodies, which means that there is no need to build a new API standard from scratch.
So what is the solution?
- Build on and harmonize the work of existing standardization bodies: The EU should encourage more dialogue and cooperation between existing standardization bodies. In this way, the technical and commercial knowledge in these groups would be utilized instead of being lost, and new standards would co-ordinate and converge over time, instead of becoming more fragmented.
The EU should also clarify how existing standardization bodies should interact with specifications developed by European Payments Councilafter the work with SPAA MSG.
- Consider a central body to coordinate API implementation and performance: Instead of focusing on a common API standard, the EU can develop a central independent body, or give existing bodies the opportunity to focus on API implementation and performance across banks.
This will be a similar model as Open Banking Implementation Entity (OBIE) in the United Kingdom, which had enforcement authorities from The Norwegian Competition and Market Authorityand which helped to promote open banking at a faster pace than other comparable markets.
A central independent body can act as a single reliable source of public data on open banking. Right now it is difficult to know how many European users there are, how many payments or data requests are made each month, and how this is growing over time. This data is available in the UK from OBIE.
Such a body can also play a role in creating more seamless and consistent payment authentication journeys by providing guidance on best practices.
Unnecessary friction in the authentication process is a significant and artificial obstacle to open banking services really gaining momentum in Europe. As financial APIs become more important, we must ensure that they have the same performance and functionality throughout the EU, so that consumers have a consistent experience.
Will the rules apply more consistently? (PSR1 or PSD3?)
Another question raised by the EU review is: will PSD2 remain a directive or become a regulation? Will there be room for interpretation or will the rules apply in the same way in each country?
EU directives require transposition into national law, so each member state will interpret the directive in slightly different ways. In contrast, the EU regulations apply “as is”, which minimizes the room for interpretation and ensures a more consistent application in all 27 member states.
In the case of PSD2 (a directive), the flexibility to introduce it differently has created differences in interpretation.
For example, only a few EU countries classify credit cards as payment accounts, to which open banking providers have access. This lack of consistency means that consumers can use fewer services in some countries than others.
Transforming PSD2 into Payments Services Regulation (PSR1) will help open up banking services by ensuring faster and more consistent implementation. However, it can be difficult to reach a consensus on regulation, so the continuation of the directive approach can lead to faster improvements in payments and open banking services.
Will we finally receive limitless instant payments?
Open banking provides immediate payments at the fingertips of both consumers and sellers. It raises SEPA Instant from a bank transfer alternative that is only available via online banking to an alternative payment method in fast sectors such as e-commerce or investment.
But right now, SEPA Instant is falling short of its pan-European ambitions. Unstable coverage and high costs for consumers mean that it does not fit perfectly with open bank payments.
And because IBAN discrimination remains a problem, it is still difficult and sometimes impossible to make open bank payments across national borders. That is why the EU must complement the review of PSD2 with legislation that encourages friction – free use of SEPA Instant.
Open bank payments will only reach their full potential in Europe if instant payments are available everywhere and barriers such as IBAN discrimination are removed.
A common standard for Europe does not guarantee API consistency, but focus on how we implement open banking services.