This is a summary of a wonderful EU directive that will extensively yield benefits to players and customers of various industries, beyond fintech, banking, payment and security. Enjoy! I hope you like it as much as I do.
2. 2
Discussion Outline
• Overview of Open Banking
• Revised Payment Service Directive (PSD2)
• Regulatory Technical Standards (RTS)
• High Level Product Strategy
• Opportunity and risk
3. 3
What is Open Banking?
Financial transparency options that enable active
participants to efficiently offer products and services
via open application programming interfaces (APIs)
6. 6
Customer Experience Drives Revenue Growth
Source: Forrester Research, Inc. July 15, 2015
Revenue growth for individual companies in select industries, 2010-2014
Cable Retail Investments Airline
CX Leaders CX Laggards
How do we promote economic growth, produce more higher quality products
and services, and offer better customer experience without sacrificing security?
7. 7
Payment Service Directive – Important Revision
Second Payment Service Directive
• Legislates the provision of customer financial information (XS2A) from banks via open API
• Enables 3rd payment initiation provided by Payment Initiation Service Providers (PISPs) and
third-party account access provided by Account Information Service Providers (AISPs)
• Enhances consumer protection against fraud and liability across the payment ecosystem
An EU directive created to regulate payment services and payment service providers throughout EU and EEA.
8. 8
Second Payment Service Directive (PSD2)
Change competitive landscape
Impact how we access our financial information Streamline payment processing
Before PSD2 After PSD2
Before PSD2 After PSD2Before PSD2 After PSD2
Promote global
economic growth
9. 9
Strong customer authentication and secure communication
• Banks must open up their payments and core banking systems to TPPs; no screen scrapping allowed
• Bank-specific documents must be made available on the bank’s website free of charge
• Bank APIs must be granted to TTPs under the same SLAs as granted to bank’s own services
• TPPs access requests increase up to 4 times per day
• Two factor authentication selection from: knowledge, possession, inherence
• The output device where the transaction information is displayed must be independent of the one
used to initiate the payment
• Authentication mechanism between TTP (PISP, AISP) and ASPSP (bank) must use of web certificates
issued by qualified Trust Service Providers (TSPs) based on the eIDAS framework
• Exemptions from performing SCA & asking the user to enter authentication codes for every transaction
Regulatory Technical Standards (RTS) – Key Notes
10. 10
Open Banking – Current Outlook
• Global regions are experiencing a surge in Open Banking
• EU banks are mandated to implement PSD2 and be in compliance by 2018
• UK is expected to move forward even post Brexit
• Fintechs fear dilution while banks lobby for stricter regulation on privacy and security
• Multinational bank compliance and active adopters will lead doubters and protectionists to participate
PSD2 timeline: Targeting Q4 2018
1/2015: EBA released document on authentication & secure communication
1/2016: PSD2 In effect
1/2017: EBA deadline to submit RTS
4/2017: EBA RTS adopted by commission
1/2018: EU member states deadline to be in full compliance
10/2018: EBA RTS compliance deadline for ASPS & PSP
11. 11
Open Banking + PSD2
Future banking will be vastly different from today with more streamlined products
and services that will be more convenient to access, more remote than physical,
produced and maintained by professionals with extremely different skillsets.
“Banking is necessary. Banks are not!” – Bill Gates
Heightening concerns and needs for tighter security
Source: Pacemaker Partners, ltd. 2017
16. 16
Open Banking - Product Strategy
• Make Open Banking development a part of business strategy and culture
• Enable banks to embrace Open Banking while minimizing the business risks
• Be the connection that detects vulnerabilities, predicts risks, and reports financial crime
• Be the market leader in reporting regulatory updates and compliance
Proposed
Note: all content on this slide are conceptual and for discussion purposes only.
17. 17
Open Banking - Product Strategy
Be the premier and trusted risk specialist within an ecosystem
• Enable search, map, and identification of all Open Banking TPPs
• Build risk patterns and pinpoint specific vulnerabilities generated by registered TPPs
• Monitor, detect, and report data privacy violations and security risk incidents
• Provide regulation updates and compliance reporting
• Provide education on financial crime prevention and risk remediation
Be the premier trusted authority and SME across ecosystems
• Enable global search, map, and identification of all Open Banking participants
• Enable global research on API request trends
• Provide global risk profiles and predictions
• Provide global regulatory, updates, and exceptions
• Establish and promote industry best practice
Proposed
Note: all content on this slide are conceptual and for discussion purposes only.
18. 18
Open Banking - Opportunity & Risk
• Having conflicting priorities
• Not having the right skills, resources, culture
• May have to build from scratch
• Launched APIs easy be replaced by competitors
• Unable to focus on company key offerings
• Create new businesses
• Encourage innovation
• Increase client & revenue footprint
• Achieve cost efficiency
• Market globally & profitably
Opportunity Potential Risk