Open Banking should have been a huge opportunity for Europe’s payment service providers (PSPs), but so far a lack of unified standards, the absence of harmonised fraud reporting requirements as well as the confusion around strong customer authentication (SCA) has caused great unrest for those within payments.
In June, when the European Banking Authority (EBA) published its opinion paper in which it permitted national competent authorities (NCAs) to allow market participants a period of grace from the September SCA go-live deadline, the intent was reasonable, in the hope to minimise a flurry of rejected payment transactions. However, the indirect result of such lenience by the regulatory body is now leading different NCAs to extend the enforcement deadline by different durations. The benefits of the Open Banking regime are many, but the current disharmony between national interpretations across the EU reflects other problems inherent in the competitive landscape.
Similarly, the multitude of standards set around application programming interfaces (APIs) has confused the market. While the UK’s pioneering Open Banking Standard set explicit requirements for bank interfaces, in continental Europe the API standards that have arisen – in particular Next Gen by the Berlin Group – have left room for adaptation and interpretation. This has led banks and bank aggregators to implement customised – or even developing proprietary sets - of APIs, requiring third party providers (TPPs) to analyse and integrate them one by one. In Italy alone, as an example, up to four different national gateways have been launched so far, each with its member banks and API customisations.
Outside Europe, governments and authorities are also adopting their own approaches, standards and timelines. In the US NACHA has endorsed under its umbrella Afinis Interoperability Standards, a membership-based governance organisation having already released 16 initial API use cases.
In Australia the concept of Open Banking (Open APIs) has been even expanded outside the Banking industry, following the paradigm that the end-customer owns its data, wherever it is processed/stored during his customer journeys.
However, e-commerce and online payments are global by nature and should not be limited by unnecessary national/regional restrictions. There is clearly an opportunity and a need to create stable and secure interoperability channels in every jurisdiction.
Interfacing such a fragmented market can be incredibly time-consuming, very costly and strongly impacting on the reach and economic sustainability of new business models pursued by TPPs. For many of those in the payments sphere, a major issue is found in the engagement with banks. Many have failed to build their sandbox environments in ways that are compliant with the regulations, meaning that others in the payments world are unable to test API connections. That was a provision banks had to meet earlier this year, but many have bypassed the regulators’ gaze.
Also PSPs have their challenges to overcome when it comes to onboarding and authenticating unknown TPPs. The Open Banking Europe initiative led by PRETA - the provider of pan-European payment infrastructure solutions currently owned by 53 shareholder banks - has been working for over three years to set up its first normalised directory providing a single and compliant source of standardised information about active regulated entities that can perform Access To Account (XS2A) services in Europe. As of the start of September more than 420 banks have joined the initiative, each looking for information on how to facilitate P2D2-compliant access to account payment processing.
Over the past few months it’s become clear that Europe’s NCAs are diverging in their approach to the rules. With enforcement, compliance and SCA deadlines differing across the Union, the situation is becoming more complex for market participants. That’s led to several industry bodies such as the European Payment Institutions Federation (EPIF) and the European Association of Payment Service Providers For Merchants (EPSM) among others, to jointly call for a harmonisation of the migration roadmap across the continent. Let’s hope their warning is heeded.
On the market side, not only has Europe’s vibrant payments ecosystem jumped to the opportunities quite evident in Open Banking, but also some of these problems caused by the delay in its integration. With the divergence in requirements across the Union comes the requirement for specialised, extremely modular API integration platforms to allow straightforward connectivity between bank and TPP, such as that offered by TAS Group’s TPP Enabler/Open Banking Hub. Tools of this nature are going to be crucial to allow Open Banking to fulfil its potential.
That said, it’s a fault of the NCA in not making sure its market participants are following the rules and helping to create a safer, more transparent, and stronger payment ecosystem. But failing to oversee and coordinate the PSD2 transposition at central EU level, avoiding that each NCA enforces different variations in what is, of course, a multijurisdictional marketplace, will become deleterious. A fully coherent and level playing field must be pursued as a top priority to avoid missing the goals of one single and competitive EU payments market.