Almost fifteen years ago, the first Payment Services Directive came into effect. As a result, the ecosystem was harmonized, innovation improved, security was enhanced, and consumer data was protected. However, the introduction of Secure Customer Authentication in the revised Payment Services Directive (PSD2) and Open Bank access through Payment Initiation and Account Information Services, introduced many challenges for banks.
As the introduction of the mandatory services in PSD2 settles down, it's time to determine how banks can capitalize on their Open Banking investments. A recent McKinsey survey of bank executives shows that most banks are aware of the threats presented by digital banks and are exploring innovative business opportunities with PSD2.
When PSD2 was introduced, the most discussed use case in blogs, at conferences and in the board rooms, was Personal Finance Management (PFM). PSD2 promised consumers the option to link different bank accounts into a single app, give them a comprehensive view of their balances, and help them budget expenses. Although this use case remains valid, the average number of active payment accounts per consumer with a debit or credit card is low. The European Central Bank has estimated it to be two accounts per consumer. Frequently, those accounts reside with the same bank. Consequently, the use of multibanking for retail customers has shown limited potential.
PSD2 did, however, open up new possibilities for budget management apps. With PSD2D, third-party budget apps can automatically retrieve transactions from bank accounts.
Through the use of APIs, PSD2 enables the connection of corporate and business accounts to accounting software solutions. The transactions are automatically imported and depending on the capability of the software, they are categorized and (pre) booked.
In fact, over 90% of the Ibanity's API calls are Account Information Service (AIS) calls. Most of these calls connect ERP, accounting, and invoicing software solutions with corporate bank accounts. Key players such as the bookkeepers, the accountants and the entrepreneurs benefit from these integrations by reducing manual processes and saving time. Plus, they have access to real-time data!
Banks have made massive investments dedicated to opening up their infrastructure in a safe and secure way and to accelerate digitalization. Some reports estimate that banks have invested €100 million to accelerate digitalization.
More recently, we have seen a new interest in other topics such as lending and credit scoring. Payment Initiation Service (PIS) and the Account Information Service (AIS) are mandated by PSD2. This means that to recover their investment, banks need to diversify and expand on these services. This diversification can be divided along three axes:
Banks need to expand and diversify their offerings into three main axes to recover their investment: the scope, the quality and the services.
The first topic banks are exploring, is the expansion of the PIS and AIS services to other accounts as a paid option. For example, offering AIS on corporate credit cards could enable the use of automatic reimbursement of corporate expenses.
Allowing treasury management solutions to access savings and investment accounts, in addition to the payment accounts, can greatly increase their capabilities and value. With these APIs, corporate treasurers can gather the financial information from multiple banking partners into one location and get a holistic view of the company’s financial situation.
APIs also have the potential to move corporates beyond the batch process for payments, eventually allowing real-time connection. Ibanity has already integrated credit card and savings account APIs for banks that offer these additional services.
Improving the quality of the PIS and AIS is the second axis banks should investigate. The PSD2 mandated AIS service requires a 90-day re-authorization period, which will soon be extended to 190 days. Banks can start offering a premium variant of the AIS API. For example:
In general, we have identified that banks are rapidly moving away from simply exposing raw transaction data into providing actionable information.
Finally, banks can monetize PSD2 by providing new services. Through Open Banking, banks can capitalize their investments by offering adjacent options to the mandated services. These services can include income verification, address verification and identity verification, for example.
In addition, some banks are already exploring premium services for corporate customers with instant notification APIs and Request to Pay (RTP) APIs. These are particularly useful for e-commerce, where immediate confirmation is required.
Premium APIs can also be used to integrate bank processes into third-parties as additional sales channel. Imagine a large Dutch bank offering an instant loan API to a large web merchant. This would allow the web merchant to offer integrated services such as financing and buy-now-pay-later.
Another example of a Premium API is offered by ING Bank. They offer a transaction screening API that allows Payment Service Providers (PSP) to pre-screen their transactions. The service allows secure access to ING's screening system and can be integrated into consumer payment flows.
Mandate management is one of the main challenges that arises when a bank starts offering premium APIs in addition to PSD2 APIs. With PSD2, the obligations required to use APIs, are clear. You need to:
Because Premium APIs are not PSD2 APIs, they are not be subject to PSD2 requirements and legal safeguards. This implies that banks may need to implement additional security measures.
In addition, it may not make sense for them to restrict their premium APIs exclusively to third-parties who have a PSD2 license. Banks may also want to expose their premium APIs to other customers who do not have a license.
This creates the obligation for banks to implement some type of mandate management system. This system is needed to onboard, authenticate, authorize, track and trace the users of their Premium APIs.
Connecting to the APIs exposed by banks can also pose a challenge for premium APIs' users. In PSD2, even though there is no mandatory standard, there is some level of standardization. For example, standardization efforts have been promoted by Berlin Group, STET and other institutions.
However, for premium APIs these standards do not exist. Each bank decides by itself which services to expose and how. This results in a wide variety of APIs, not only in format but also in scope and quality. Consequently, the effort of implementing these APIs may not be too costly.
At Ibanity, we have firsthand experience on the practical impacts of aggregating reach and harmonizing APIs. We are collaborating with banks to provide Premium APIs, so that their consumers can have ubiquitous access and an easy implementation.
Today, we connect 100 partners to over a 1,000 banks across Europe to help both licensed and unlicensed parties capitalize on the transformational power of Open Banking.
Interested in what Ibanity can do for you? Let's have a chat!
TLDR: