In the UK, there have been a few challenges to implementation, including a handful of the country’s largest banks not managing to make the required system changes in time. Furthermore, across Europe, in a rather bizarrely phased roll-out, the technical standards that banks must meet in order to comply with the legislation are still being developed and won’t become mandatory until 2019.
In an admirable if accidental case of legislative foresight, PSD2/Open Banking may be the law that saves banking. Initially challenged by disruptive fintechs post-2008 and more recently by the likes of Google, Amazon and Facebook, banks are being forced to modernize their business models before they become obsolete.
Which brings us to the important distinction between Open Banking (the legislation) and open banking (the strategy of bringing modern, open, tech-forward business models to financial services). The former is a directive largely disliked by banks and ignored by consumers, while the latter underpins the current wave of open and connected banks, fintechs and big tech firms transforming financial services.
The lead-up to the PSD2/Open Banking launch was confused, and coordinated communication to consumers outlining the changes has not been forthcoming. So far, media coverage has been largely negative, highlighting security and privacy concerns rather than the massive customer benefits the legislation enables. Unfortunately, these concerns are valid.
With banks slow to complete the technical development required to fully comply with the new legislation, risky interim measures have been put in place. “Screen scraping,” which requires customers to divulge passwords to third parties, is the interim method for PSD2 compliance. According to Megan Caywood, Chief Platform Officer at Starling Bank, “in many cases, banks are sending their customers information saying ‘share your log-on credentials’ with third parties.”
APIs, on the other hand, offer both security enhancements and functionality improvements over screen scraping. “Whenever you’re doing screen scraping, you’re giving a third party your log-in credentials so they can access all of your bank data. APIs are nice because they share information securely, and they also give you granular control of the data that’s shared,” Megan says. “Screen scraping says ‘take my log-on credentials and access all of my bank data.’”
There’s significant work left to do in order to get PSD2/Open Banking right, but it’s a mistake to be overly focused on legislative changes. While the media rages, incumbent banks delay and customers puzzle over the new laws, fintech and big tech players like Bud, Transferwise, Tandem, Starling, Monzo, Google, Apple, Amazon and many others are making quiet progress toward creating a very different financial services industry.
While Open Banking (the legislation) takes its time to take effect, open banking (the business model) is rapidly shaping the future of finance.