Myles Stephenson, chief executive at business payment solutions provider Modulr, delves into the fine print of Open Banking regulations
It is two months since the revised Payment Services Directive (PSD2) was drafted into national law in some EU member states.
One of the most obvious aspects of the directive is, of course, its role in laying the foundations for Open Banking. Under this principle, third-party providers can (with the express permission of account holders) gain access to customer account information held by the major UK high street banks, giving them the data they need to offer better financial services to consumers.
Opening up account data in this way is, understandably, a concern for many. The small size and youth of various third parties looking to harness the benefits of Open Banking has fuelled fears in some quarters that they may not have the firewalls in place to protect themselves and consumers from hacking attacks.
This is not the only challenge presented by Open Banking, though. If you read the fine print of PSD2 and the Financial Conduct Authority’s (FCA) new payment service provider guidelines, you will see that the legislation has repercussions far beyond security that are still not fully understood by many financial services professionals.
Whatever the size of their company, it is imperative that compliance officers are completely versed in all of the aspects of PSD2, so that they can make sure their company meets every aspect of the regulations.
So, what exactly do compliance officers need to know?
PSD2 applies to companies far beyond the boundaries of the EU – it covers any non-EU transactions and those where one leg is carried out by a payment service provider (PSP) outside Europe, in addition to those taking place on EU soil.
So, no matter where your business’s head office is, if you are processing all or even part of a transaction within the EU, you must make sure you meet PSD2 requirements.
There are also new requirements for financial service providers in terms of their relationships with consumers. Card surcharges, for instance, have now been scrapped under PSD2 – something that consumers will no doubt be toasting, as they will no longer face hidden fees when buying food and groceries. Businesses should take note though that only charges on consumer cards have been abolished. Surcharges will still apply on corporate card transactions for the time being.
As highlighted in the FCA’s approach document, the new regulations also require PSPs to “provide” monthly statements to their customers on a “durable medium” like paper. These terms have specific definitions under the new legislation – “provide” now means proactively pushing out information on a regular basis, while “durable medium” is “any instrument which enables the payment service user to store information addressed personally to them in a way accessible for future reference”. Anything from CDs and DVDs, to paper printouts, or even websites can be counted as durable media.
On top of this, major operational and security alerts must also be communicated to customers within hours of them taking place. Crucially, the guidance states that social media does not count as a notification – many young companies pride themselves on their customer engagement on social media, so many will be understandably frustrated with this turn of events. In future, they will have to include additional communications channels to stay compliant.
And finally, all existing e-money and payment institutions need to be re-authorised if they want to continue operating beyond mid-July 2018. Applications need to be sent to the FCA by no later than mid-April to give the body time to process submissions ahead of its summer deadline.
Nevertheless, anecdotal evidence suggests that some firms may not have handed in their application forms. This could potentially put pressure on the FCA, which may not be able to process them all on time. If their company is serious about wanting to continue operations after July, compliance officers should submit applications for re-authorisation as soon as they can.
The financial services sector is set to be transformed in the next few years by the changes ushered in by PSD2 and Open Banking. While there are risks and challenges for banks and other established financial institutions, there are also exciting opportunities for challengers to transform the sector, offering consumers greater choice and more control over their finances.
To truly harness the benefits of PSD2, companies and their compliance officers need to ensure they read and understand all aspects of the directive now. In doing so, they can ensure they have the information they need to prepare to face this exciting Open Banking future.