The upcoming Payment Services Directive (PSD2) goes far beyond merely tinkering with the existing legal framework for payments. In the context of SME digital banking, this new Directive includes a key game changing element: the obligation for banks to provide third party access to account data.
With this particular Directive, institutions need to look beyond compliance to its implications for core service offerings. Across all banking sectors, PSD2 presents existing providers with a strategic crossroads: do they seize the opportunity to provide new services and new ways of interacting with customers, or do they become mere ‘fund holders’ as emerging fintech providers reap the benefits of open access?
A closer look at the key provisions of PSD2 helps to illustrate why this Directive is so significant in its ramifications on digital banking for small businesses.
PSD2 and the SME banking sector: key provisions
Replacing its predecessor PSD1 in its entirety, the majority of the provisions of PSD2 are set to go live on 13 January 2018.
In short, its aims are to bring about a more efficient and integrated payments market across Europe. The theory being that this will help to promote competition, deliver better value to the bank’s customers, and increase protection against fraud.
There are four main areas covered across the Directive: a change in the geographic scope covering payments to and from EEA countries, a prohibition in card surcharges across Europe, third party access to information, and increased security of online payments and account access.
Whilst all four Directives will pose new challenges for banks globally, it’s clear that the latter two will have the greatest impact when it comes to the SME digital banking sector.
Third party access to account information
Banks are now required to provide open access to Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs). Arguably, this obligation to provide third party access to account information will be the most significant aspect of the directive on digital banking for SMEs. Essentially, this legislation allows new players in the market access to a customer’s transactional data.
Consider a fintech, or even a bookkeeping provider, offering account management and other services through SaaS. The benefits of those services, such as data integrations, easier digital banking transactions and cash-flow forecasting, are just as relevant and useful to SMEs as to ordinary consumers — and in many instances, more so.
As a result, fintech players providing SMEs with financial services will be able to mine this data and use it to offer a more enhanced and personalised experience for small business customers, subsequently undermining the age old perception of the bank as the first port of call for financial services.
Strategically, banks now have the choice of being either facilitators or operators in this field. They can either take the lead and proactively offer open access to third parties, whilst maintaining relationship primacy – extending this offer to include PISP and AISP services – or they can do nothing and simply slip into the background as an operator for these services.
For small business owners, this creates possibilities for new, innovative financial management solutions. For the bank, following the right strategy could present an opportunity to cement their position at the forefront of the SME’s mind when it comes to managing their finance.
In light of this, banks need to be able to provide their small business customers with services that use this data to equip SMEs with more valuable insights and tools. If they don’t, then other players will.
How Open APIs can help banks to deliver tailored services to SMEs
The Directive and its accompanying draft Regulatory Technical Standards (RTS) on security make it clear that third party access is to be facilitated through an Open API (Application Programme Interface).
A rigid, interoperable standard for interfaces has not, in fact, been defined in either the Directive itself — or in the RTS. Banks, therefore, have some flexibility in defining their own interfaces.
Banks should use this freedom wisely, and look closely at developing their core services, specifically where there are gaps within their product portfolios. For example, digital services that smaller businesses require in areas such as bookkeeping, expense management and forecasting should be considered, in order to design an interface that includes these value added services. After all, if a bank’s proprietary interface has everything a business requires, there is little or no reason for that business to look to a fintech for an alternative.
PSD2, security, and brand positioning
Where a third party initiates a payment, the RTS makes it clear that it’s up to the bank to define the security procedures that need to be applied, meaning banks will still control their own infrastructure. Clearly, EU policymakers want to enable fintech providers to enter the market, but it’s also clear that they want the banks to take the lion’s share of responsibility for security.
This reinforcement of the banks’ position as a secure gatekeeper highlights one of the clearest opportunities open to those institutions. Consider the position of an SME: keeping their business data safe and secure is something that is likely to be at the forefront of business owners’ minds as they weigh up the pros and cons of their account management and choosing a financial service provider.
So, who are business owners more likely to trust with their data: a fintech start-up? Or a bank with whom they have a longstanding relationship and who has unimpeachable security credentials? Banks clearly have the upper hand on this front, but only so long as the service offerings they present do not start to look outdated or irrelevant in light of what’s on offer from emerging players.
For further information on strategies of digital banking for small business customers in light of PSD2, then head over to our resources section. Alternatively, you can also access our SME digital banking service offering for Financial Institutions.