With summer (hopefully) almost coming, holiday’s planning becomes a major concern. As every year you book your flight on a comparator platform. You think this is common, and yet you just used one of the disruptive methods able to completely modify banking industry. Indeed, imagine finding the best offer on financial services being as simple as booking a flight. Well, with the Open Banking, this scenario becomes very likely.
In a context of rapid evolution of Payment Services….
Over the past few years, the banking industry, and especially the payments market, faced an increasing disruption from Third Party Providers (TPP) offering innovation and improved user experience. At frontline, GAFA and Fintechs have leveraged on a proven agile and flexible organization to develop far more attractive banking services: free, fast and user friendly. Their offer includes for example digital wallet, P2P payment products, wealth management solutions or lending services. Contrary to banks, that held a huge amount of data often poorly employed, these actors excel in data management and analysis enabling them to develop easy to use applications considerably simplifying user experience.
The only barrier to their expansion was finally the difficulty to have access to banking data. Since January 2018, the Revised Payment Services Directive (PSD2) hopes to put an end to this blocking point, introducing more competition on the Payment Market.
…PSD2 aims to open payment markets to new players…
While in 2007 the Payment Services Directive (PSD1) was mainly focused on traditional payment services (transfer, direct debit and card payment), PSD2 aims to tackle online payment services issues. A major PSD2 improvement is to give access to banking data to two types of new actors:
- Account Information Service Provider (AISP) providing aggregation services between user Payment Accounts
- Payment Initiation Service Provider (PISP), allowing payment initiation between the payees and the payers account
Officially recognized as intermediaries between Clients (Payment Service User, PSU) and Traditional Banks (Account Servicing Payment Service Provider, ASPSP), those actors will also be submitted to the Regulatory Technical Standards (RTS) associated to the Directive. The RTS aim to define the implementation modalities of the Directive, especially regarding Secure Client Authentication requirements (strict log in rules applied for client connection to its account, payment initiation or any operation that could be fraudulent).
This is a transformation for banks that will have to shift to an “open banking” model, sharing one of their most valuable resource, data, to new actors by June-September 2019 (TBC).
…with a regulated access to banking data….
Until today, AISP and PISP mainly used Screen Scraping. This method consists in scanning and collecting data from an application and translates it to be displayed on another application. When applied to banking industry, the use of these applications requires the user to provide its login details to the TPP. This one is then able to connect to the client’s banking interface and collect data needed for its functioning. However, this method has been largely decried to the extent that it often collects much more data than necessary, increasing risk of fraud or data leak with no real regulation.
If the PSD2 does not explicitly forbid the use of Screen Scraping, they favor the use of Application Programming Interface (API) which specifications have been published in July 2017. Concretely, APIs allow “bots” and web applications to connect to websites and collect data in human users’ place.
…and predictable impacts for traditional actors…
It is to be expected that the PSD2 will not only increase competition between GAFA, Fintechs and traditional banks but above all lead to fundamental questioning around Banks’ operating model, organization and systems.
1/ IT systems
To be compliant with PSD2, banks will have to provide a secured API interface for data exchange. For Banks, which evolved in a sealed environment, there is a technological issue. It implies a complete review of their IT strategies and a reorganization of their core banking systems, regarding both data (back-end) and interface using them (front-end). It then requires significant investments, even more so the Directive requires a high security level through the Secure Customer Identification.
It is also necessary to highlight that PSD2 is integrated in a global regulatory framework aiming to create a secured IT. Amongst these decrees, the General Data Protection Regulation (GDPR), the SWIFT Customer Security Program (CSP) or the E-Privacy Directive are to be applied in 2018 and are so many examples of the necessity for Banks to invest on their IT Strategy.
The development API eases the ability of AISP and PISP to attract more clients, positioning themselves between Banks and their clients. The risk for banks is then to lose direct relationship with their clients leading to a twofold damage: i. banks risk to be relegated to a provider status and ii. consecutive loss of information regarding users’ behavior could increase the difficulty for banks to offer them adapted services. In the best case scenario, Banks still have to improve their capabilities in treating and exploiting data from other banks and companies that means, developing their expertise on big data.
3/ Organizational and Cultural changes
In this context, implementation of the PSD2 raises a strategic questioning about organization. As detailed before, bank hegemony on payment market is about to be seriously endangered by innovative players that have no need to maintain heavy banking infrastructure. In other words, the main concern is not new banking entrants but rather they ability to maintain their place in the new payment market. If they want to compete with those actors, Banks not only have to rethink their growth strategy including potential impacts of an open market on their main sources of revenue but also to accept to work alongside companies with different operating model and governance. That may further result in cultural changes for banks that are not used to collaboration.
…and necessary change in their organization.
In any case, market opening is ineluctable and as of today, 4 possible scenarios seem to arise to describe banks possible strategic orientation to answer it:
- Bank as a Traditional actor: in this defensive scenario banks do not operate deep change in their organization. They develop their own API to be used internally through API management Platforms. They do not share their products and services and then position themselves as a full-service provider. Nevertheless, traditional banks willing to compete will have to strengthen their effort of innovation and data analysis capabilities.
- Bank as a Provider: one of the principal banks’ strengths is their access to data. They can choose to position themselves as a data producer, creating a “supplier/distributor” relationship with other players. In this scenario, banks renounce to their distribution channels and increase their investment for the development of innovative products.
- Bank as an Intermediary: banks can chose to focus on the products distribution rather than on their development. In other words they agree to renounce to the property of their products and become an interface between products providers and clients who have the choice between several TPP. In this scenario, traditional source of revenues linked to net interest margin are replaced by a contractualized and fee-based relationship with product providers. With significant impacts on Operating Model, this is seen as the most challenging scenario, especially in terms of technology improvements and data analytics capabilities.
- Bank as a Utility: the ultimate model positions Banks as a Utility for other players providing them specific banking capabilities and knowledge on demand. In this scenario they have no contact with the final user and no real control on shared data.
Nevertheless, these scenarios are not exclusive. We can easily imagine a combination of these four different models in a new banking ecosystem functioning as a market place, where clients have the possibility to compare and choose the most adequate services seamlessly from competing providers.
With the passage to an open banking world traditional Banks will more and more feel the effects of customers’ behavioral evolution. While other industries offer them an improved user experience and innovative services, banking industry struggles to toes line. The development of new competitors such as GAFA and Fintech on the payment market, eased by the PSD2, could to create emulation amongst traditional actors.
We believe that banks and other financial institutions are then at a turning point where they need to make strategic decisions regarding their operating models. To remain competitive, traditional actors have no other choice than identifying gaps between their offer and new customer needs, and determine which model they are willing to adopt. The transition period will require a deep questioning about current operating and distribution models, ability to implement change (culture, IT and systems, data management skills, etc.) and will necessitate integrating new players as partners, rather than threats. In any case banking ecosystem is about to shift from an old product centric to a client centric model.