In the UK, there have been a few challenges to implementation, including a handful of the country’s largest banks not managing to make the required system changes in time. Furthermore, across Europe, in a rather bizarrely phased rollout, the technical standards that banks must meet in order to comply with the legislation are still being developed and won’t become mandatory until 2019.
In an admirable (if accidental) case of legislative foresight, PSD2/Open Banking may be the law that saves banking. Initially challenged by disruptive fintechs post-2008, and more recently by the likes of Google, Amazon and Facebook, banks are being forced to modernise their business models before they become obsolete.
Which brings us to the important distinction between Open Banking (the legislation) and open banking (the strategy of bringing modern, open, tech-forward business models to financial services). The former is a directive largely disliked by banks and ignored by consumers, while the latter underpins the current wave of open and connected banks, fintechs and big tech firms transforming financial services.
The lead-up to the PSD2/Open Banking launch was confused, and coordinated communication to consumers outlining the changes hasn’t been forthcoming. So far, media coverage has been largely negative, highlighting security and privacy concerns rather than the massive customer benefits the legislation enables. Unfortunately, these concerns are valid.
With banks slow to complete the technical development required to fully comply with new legislation, risky interim measures have been put in place. ‘Screen scraping’, which requires customers to divulge passwords to third parties, is the interim method for PSD2 compliance. According to Megan Caywood, chief platform officer at Starling Bank, “in many cases, banks are sending their customers information saying ‘share your log-on credentials’ with third parties”.
APIs, on the other hand, offer security enhancements and functionality improvements over screen scraping. “Whenever you’re doing screen scraping, you’re giving a third party your log-in credentials so they can access all of your bank data,” says Megan. “APIs are nice because they share information securely, and they also give you granular control of the data that’s shared. Screen scraping says take my log-on credentials and access all of my bank data.”
There’s significant work left to do in order to get PSD2/Open Banking right, but it’s a mistake to be overly focused on legislative changes. While the media rages, incumbent banks delay and customers puzzle over the new laws, fintech and big tech players such as Bud, TransferWise, Tandem, Starling, Monzo, Google, Apple, Amazon and many others are making quiet progress towards creating a very different financial services industry.
While Open Banking (the legislation) takes its time to take effect, open banking (the business model) is rapidly shaping the future of finance.
READ NEXT: The top 3 myths associated with PSD2
– This article is reproduced with kind permission. Some minor changes have been made to reflect BankNXT style considerations. Read more here. Image by Jasminko Ibrakovic, Shutterstock.com