The second Payment Services Directive (PSD2) has changed the way that banks think about technology, and brought the discussion about application programming interfaces (APIs) from its original place in the IT department to the forefront of the industry’s mind, according to a panel on the first day of the Sibos conference in London.
Stephen Müller, divisional board member for transaction banking at Commerzbank, says: “At the time of the first Payment Services Directive only engineers had been talking about what an API is. Now we have the business guys talking about them and trying to make use of them.”
Fiona van Echelpoel, deputy director general of the director for general market infrastructure and payments at the European Central Bank (ECB), adds: “There was a realisation that banks had to decide to go forward and embrace change and see what it might bring. There is an acceptance that APIs are here to stay.”
Van Echelpoel says that the ECB had created a working group to examine the landscape beyond PSD2. The group has had to be temporarily put on hold, as banks in the market are currently working on complying with the latest batch of PSD2 technical standards.
Pierre Antoine Vacheron, executive director for payments at Natixis Payments, says that the challenge for banks surrounds who will intermediate the relationship with customers. “The more the bank is able to take advantage of this, and be at the forefront of the customers’ minds, the more they can avoid disintermediation [by new players].”
“What matters also is to protect the consumer. The faster we grow in having the right APIs for payment accounts, the better it is for all market players.”
Scott McInnes, partner at Bird & Bird, moderating the panel, asked whether fintechs are attempting to take advantage of the new regulation and grasp customer data. “Some fintechs want the data just to do ‘stuff’ with it. We have to tell them not to go to a regulator and ask for a licence because they’re going to be told to go away. There is a potential for abuse of PSD2 and the label.”
Müller remarks that banks remain the best custodians of data. “The bank has to be very good at using data to protect clients and they have a very good reputation in protecting data, as we have for decades. We know how to deal with masses of data. Now we can use it as an argument as to why we should be used and not one of our competitors outside the banking industry.”
For Hays Littlejohn, CEO of EBA Clearing, there is complimentary legislation in place alongside PSD2, like GDPR. “[It] provides protection at great costs to those who abuse it. Some of the fintechs are very good at hiding those provisions in privacy clauses. Banks are the places trusted to hold data. The first to go there and abuse this with a misuse of data could be in big trouble.”