We have already seen huge changes in the world of banking. Digitalisation means that people are banking from their mobile phones, making payments via barcode scanning and even in some cases transacting using cryptocurrency. Home loans can be approved in almost real-time, and a selfie can be used to open a bank account – all without ever physically entering a branch.
However, this is just the tip of the iceberg: the banking world is about to be shaken up, thanks to legislation known as the European Union Payment Services Directive 2, or PSD2.
PSD2 and the concept of 'open banking'
PSD2 is not a new concept, having been adopted by European Parliaments in 2015 with the express purposes of contributing to a more integrated and efficient payments market, levelling the playing field for payment service providers, driving competition which lowers the cost of payments, and protecting consumers by making payments more secure.
South Africa will not remain unaffected by this legislation, and local financial institutions, their customers, and the payment industry stand to benefit as much as those across the seas.
The growing adoption of PSD2 is paving the way for a concept known as 'open banking'. Open banking refers to the use of APIs and open source technology to enable third party developers to access data traditionally held by financial service providers, or banks, and build applications or services around this data. It also allows consumers to control the transparency of their data, equipping them with the power to allow the sharing of their data with selected third-party providers to offer them services based on their financial information.
Open banking has been fuelled beyond the borders of Europe as regulators of more than half of G20 countries being expected to create open banking API standards by the end of this year.
The rise of third party FSPs
Essentially, PSD2 means that banks will no longer be the only, or main, stakeholders in both the control of consumer financial data and initiation of payments. The legislation gives rise to the inception of two new types of players that will create a more competitive banking environment by lowering payment costs and providing more choice for consumers.
Account Information Service Providers (AISPs) are emerging as new operators in a world traditionally dominated by banks. AISPs are able to access consumer financial information from multiple financial institutions at the express permission of consumers.
They analyse this data in order to determine a consumer's spending habits, financial behaviour, and financial history. This data is then collated and consolidated into a single overview on the consumer, which the consumer can then request to be shared with third parties who can tailor services around their specific profile.
Payment Initiation Service Providers (PISPs) are providers who initiate payments on behalf of a consumer. Although we currently have many payment options, they all still pass through a bank. PISPs will enable services such as peer-to-peer payments and bill payments without touching a traditional financial institution.
The rise in competition for both banks and competing PISPs means that the cost of payments will lower significantly, and consumers will be able to better control how they make payments.
Good for business, good for consumers
The future looks bright for the creation of new business opportunities, fuelling competition and driving the economy. From a banking perspective, however, it means that banks are going to have to up the ante to remain relevant and competitive.
Banks, up to now the major custodians of financial data, have the ability to create a new revenue stream from this data. Banks have access to a huge amount of data on their customers, and monetising this data will lead to significant revenue streams - they are going to have to lead with their APIs, adopting platforms that allow them to structure their data in the right way, so that they, too, can offer competitive solutions. Banks also have the opportunity to play a huge role in the standardisation of APIs across the board.
For consumers, there are scores of benefits.
They will be able to access multiple payment providers, choosing whomever offers the best rate, promotion or deal at any given time. Cost of making payments is likely to reduce as the payment process will be more direct with fewer intermediaries and greater efficiencies. PISPs will create more competition in the payments industry by collaborating with various retail chains who may be able to offer on-the-spot promotions to consumers, based on where they are shopping and what they are buying. Consumers will have a tailor made world of offers at their fingertips.
Consumers will retain the ability to grant sharing permissions, equipping them with control of their own data and ensuring they aren't targeted by unwanted campaigns. However, the sharing of their data opens up a world of possibilities.
It also gives an opportunity for the unbanked to do away with carrying cash and access credit. Leveraging a payment solution that is either inexpensive or free, if supported by advertising revenue, the unbanked will be able to build a payment record and credit history which opens the door to credit opportunities.
Despite the sweep of open banking, different banks across various countries are all at different stages of PSD2 adoption. Banks are going to need to stay close to the process to retain their relevance and ensure they aren't excluded from the payments system altogether.
With regards to data protection and security, the regulation has been careful to state that consumers must grant permissions for data sharing. However, this is a process that will need to be cleverly and closely monitored to avoid a mass dissemination of data.
Once a consumer has granted permission, there will need to be a process that allows the consumer to revoke this, should they wish to. The consumer needs to retain the ability to know where their data is at any given time, especially with the imposed requirements of GDPR and the looming PoPI Act.
PoPI is a South African regulation, which will naturally apply to South African businesses and individuals. GDPR is, however, a European regulation, despite this, South African businesses should not assume that the GDPR will not affect them.
Any local business that has operations in Europe, who deals with European suppliers or who has so much as a single a European customer, needs to comply with GDPR. Financial institutions will need to keep mindful of these regulations when embarking on any new initiative.
There is no doubt that the banking world will see a tremendous and exciting shift, and there is much to be gained from open banking. Banks, emerging AISPs and PISPs will need to ensure they engage with partners who are at the forefront of banking technology in order to forge ahead and retain their momentum once there.
* By Gerhard Greyling, Financial Services, Wipro Limited, Africa.