Open banking APIs will require a rulebook to ensure “good outcome”
Efforts to develop standards for banks to provide third-party access to customer account information are at risk of fragmentation under pressure from tight deadlines, a lack of clarity about the technical requirements and competing domestic proposals.
At a conference in London last week arranged by industry body Payments UK, delegates heard that this will lead to unnecessary duplication, costs and a dilution of the effects of opening the banking system unless institutions and other parties collaborate to keep fragmentation to a minimum.
Participants at the event called for consultation with “a universe of participants that aren’t just banks” to come together to develop a ‘rulebook’ on the wider issues of interpretation of the legal text, technical standards, common solutions and governance.
“We know that the implementation of PSD2 will transform the payments landscape and pose a significant undertaking for the payments community across Europe, which is why it is ever important to ensure the exchange of views in order to help avoid the risk of fragmentation during the implementation process,” said James Whittle, director of industry policy at Payments UK. “In terms of what’s next, Payments UK will seek to set out how the ‘PSD2 implementation community’ could be formed, and to invite comments to this approach over the Summer. Our ambition is to establish the community as quickly as possible, provided there is sufficient support for this by a coalition of the willing.”
The European Union’s second Payment Services Directive (PSD2) specifies that Trusted Third Parties (TTPs) must have access to accounts (XS2A) in order to provide new account services such as account aggregation and payment initiation.
Although not specified explicitly by the legislation, the financial services industry has assumed that the mechanism for this will be through the development of an open standard Application Programming Interface (API) and is concerned that in the absence of clarity from regulators will lead to the development of an over-abundance of APIs, hindering the integration process for TTPs, banks and account holders.
Already there are parallel developments, particularly in the UK, where the government has set the industry the task of creating a UK Open Banking API for introduction in Q1 2017. Nine major UK banks are expected to announce details in the autumn of this year– at about the same time as the first Regulatory Technical Standards (RTS) that PSD2 proposals involve will be published ahead of ratification in Q2 2017.
There are, however, a number of obstacles and potential pitfalls, not least in the timescales involved and the lack of specifications for the PSD2 in particular – as one Danish banker put it at the conference, “we find ourselves in the unusual position of begging the European Central Bank to tell us what to do”.
There are also differences in the scope of the UK’s proposed Open Banking API and the PSD2: as the names suggest, one is about banking and one is about payments. The UK envisions a range of new services being offered, such as automatic collection of income details that could be used for tax gathering, while PSD2 really only addresses the issues of payment initiation on the one hand and more widespread use of transaction related data, such as for automated reconciliation on the other.
Initially, the UK will only allow third-parties access to a restricted dataset – value, data and direction of the transaction – which existing third parties say is actually worse than the current situation where they access customers’ online accounts and ‘screen-scrape’ additional data such as the payee details.
Some European countries already have a form of API, such as the German Electronic Banking Internet Communication Standard (EBICS) which is used for corporate banking. How these fit with PSD2 – and wider initiatives such as immediate payments and blockchains – will not become clear until the draft RTS appears, at the earliest.
Even without the short timescales and such existing issues to deal with, it is inevitable that several APIs will emerge to address domestic issues. “We’ll do our best to avoid fragmentation but I don’t think we can do it 100% – and I’m not sure that is necessarily a bad thing,” said one speaker.
In any case, the notion of having a single API is a red herring, said another: “It’s not about having one API – we’ll have to build several just for the UK – it’s about having a framework for building APIs that ensure a good outcome for the end user.”
By Ovum, an analyst and consultancy firm.