The publication of the revised payment services directive (PSD2) by the European Union earlier this year is a big deal, with major implications for the way that banks do business. As institutions begin preparing for the implementation of the new rules in two years, Colin Castle speaks with James McMorrow, a senior manager for payment strategy and business development at Lloyds Banking Group, about what it all means for banks – and their relationships with their customers.
For a banking industry still coming to terms with the rapidly changing regulatory climate, especially as finance becomes increasingly concerned with what the transition to digital means for customer service and cybersecurity, PSD2 raises a lot of questions.
The European Union (EU) has been reforming payment services for some time now. The first directive, which passed through parliament in 2007, aimed to provide a statutory foundation for the creation of an EU-wide single market for payments.
Last October, the European Parliament took the legislation even further with what’s now being referred to as PSD2: a major upgrade of the pre-existing rules intended to make payments more secure, offer improved competition between banks and third-party service providers, and broader consumer protection. It’s set to come into force by 2018.
There are a number of significant changes that the new rules bring. International Payment fees will now be clearer and the services of payment providers (for example, payment institutions) will be significantly expanded.
While the regulations are certain to set out new obligations for financial institutions, the new environment of ‘regulatory plus’ could be seen as a threat to everything banks have spent enormous amounts over the past few years developing. Once the directive comes into law, so the argument goes, online banking could be just the start.
James McMorrow, a senior manager for payment strategy and business development at Lloyds Banking Group, doesn’t agree that the new rules are such a bad thing for big banks. He sees PSD2 as a unique opportunity for banks to seriously step up their game. While many might see it as simply a set of new regulations to follow, McMorrow argues that it provides a major incentive to improve the digital services one can offer clients.
“It’s about really understanding what your clients need,” he says. “This would involve not only meeting compliance but also thinking about how you can leverage any additional opportunities by building upon any new technology that you invest in, to start to leverage those opportunities to better meet client needs in the future. ”
These opportunities are varied, changing very much on a client-by-client basis. In the case of corporate clients, for example, McMorrow argues that what many of them may want is a one-stop-shop digital platform where they can see transactions and balances for a multitude of accounts across the continent. Banks can also harness data, and look to produce value-added insights. This could involve a variety of solutions, from helping customers develop more-informed working capital positions, to the standardisation of reporting and offering operational insights.
“This could be very powerful,” says McMorrow. “For example, if you can compare how a customer is performing relative to their peers and leverage all the available data, this could provide valuable insights for customers.”
Beyond the minimum
All this, of course, is predicated on banks embracing the new changes. Many might be tempted, given the scale of the regulations, to simply do the minimum that’s required of them to be compliant and not to see PSD2 as a significant opportunity for them to develop their propositions. This, McMorrow argues, is short-sighted.
Much of how the rules are going to look in practice depends on how the market evolves under the regulation, and how clients respond to it as well. Some may be very early adopters of new innovation and new services, while others may choose to be more risk-averse, waiting and seeing until things have developed further.
“I think, for banks, there are a couple of options,” says McMorrow. “It’s probably tempting at the moment, given some of the uncertainty around the regulatory technical standards, to adopt a bit more of a wait and see approach.
“I think one of the problems in doing that is that there’s always an opportunity for those who get to market quicker, exploit and leverage any opportunities, and for those that are slower or choose not to respond at all from an opportunity perspective. They do risk getting left behind.”
IT challenges are at the forefront of why many banks are cautious to dive headfirst into this uncertain new regulatory climate. Adapting to PSD2 will be seriously expensive, and costs of upgrading computer systems could be substantial. This is combined with the fact that 9% of retail payments revenues are forecast to be lost to new payment initiation service providers (PISPs) by 2020.
It’s is a big deal. In a few years, banks won’t just have to worry about competing against each other for their customers’ attention; anyone who wants to offer a platform for financial services, whether it is a simple mobile app or a broader digital platform, can get in on the action.
A key element of the new directive means that customers could have a range of new options for how they manage their money – and who can help them do it. Where once banks held a monopoly on payments methods, savings and credit management, and general day-to-day money matters, now a range of third-party providers can get involved. Some fear that clients could soon opt to use Facebook or Google to do everything from pay bills to manage savings, and, under the new rules, financial institutions will be obliged to hand over this kind of data to third parties if clients request it.
There’s a lot that banks can do to prepare themselves. And while there is uncertainty around the exact nature of the technical standards, there are a number of decisions that can be made almost immediately. The use of application programme interfaces (APIs) is already becoming more wide spread and clients are already beginning to see the potential benefits, so selecting potential partners and better understanding client needs can be done in advance of technical clarity.
“It’s a great time to begin looking at some of the technology involved, looking at your own infrastructure and architecture, identifying the gaps, and then starting to work with technology vendors to fill them while understanding what your customers may want,” says McMorrow. “This should help you start putting together requirements for the platforms of the future. And a lot of that work can be done now to fully understand these requirements.”
Much of this uncertainty lies with the timing of the rules. The regulatory standards and the highly technical nature of the rules don’t make things easier for banks looking to prepare for the coming sea change.
“We’ve seen recent consultations from the EBA on the regulatory technical standards, which I’m sure the majority of banks in Europe will be responding to, but what we don’t get is that final text until next year,” says McMorrow. “It’s difficult to consider exactly what our client journey might look like when you don’t fully understand the technical standards and the rules that we’ll sit behind, and how the data sharing will function.”
Not the only player
Lloyds, for one, is keeping its cards close to its chest. When asked if the bank has prepared for multiple regulatory scenarios, McMorrow is not keen to go into specifics – with good reason. But what is clear is that consumers and corporates will enjoy a whole range of new options for who they can do business with. The intent of the legislation is to improve innovation and competition, but it could also drive good benefits and experiences for end users.
“I think there are a number of directions innovation can take, and we’ve started to see that innovation come through,” says McMorrow. “I think what’s going to govern all of this is the nature of the regulatory technical standards.
“The balance between security and customer experience is one that’s very tricky, but absolutely critical to how successful PSD2 is going to be in driving this innovation accomplishment.”
This fine line is between making sure that consumer information and data on trends is safe and secure, while at the same time making sure the experience is as seamless and user friendly as it can be. Customers generally want banking to be simple and easy to use, which can often create pressure to lower standards for security, argues McMorrow, but with the development of new technology, the trade-off might be easier. The rise of biometric banking, for example, whereby fingerprints are used to log into accounts, is a significant step forward.
“We’re increasingly able to develop a seamless process that’s easily adoptable, while meeting the very clear security requirements needed when you are sharing customer data,” he explains. “That’s pivotal for us, ensuring that our customers are kept safe, and also protecting against any fraud in payment initiation.”
In many ways, these new rules mean significant change for consumers, corporate clients and banks. With the launch of the Bank of England’s Open Banking Initiative, and the rise of new Competitions and Market Authority remedies promoting information sharing and transparency, McMorrow argues that his colleagues across the financial landscape need to embrace the changing landscape and adapt or suffer.
“I think with the global adoption of instant payments, and that landscape continuing to develop, we’re going to see new products and new services coming to market that will be based around real-time movements of funds,” he says. “PSD2 and open banking is going to be transformational for financial services throughout Europe.”