FAQs about Open Banking and PSD2

Regulation and Compliance


Germaine Lang

Nov 12, 2018

It’s no secret that the global payments landscape is in a state of flux. This is particularly true in the UK and European Union where all eyes are watching the roll out of two initiatives in particular, Open Banking and the revised Payments Services Directive (PSD2). However, there is a lot of confusion about these new regulations. Here are answers to the most FAQs about Open Banking and PSD2.

Open Banking is the UK initiative from the Competition & Marketing Authority, working in conjunction with the Financial Conduct Authority (FCA). Currently Open Banking is only mandatory for the nine largest banks in the UK, although a growing number of smaller UK banks have been looking to join the initiative to stay competitive and stimulate new business.

What are Open Banking and PSD2?

Open Banking and PSD2 are two similar but distinct payment regulatory requirements. The purpose of both initiatives is to make payments smoother and more secure, while stimulating competition and innovation in the industry. A couple of basic distinctions to make between Open Banking and PSD2 is the difference in the driving forces behind each initiative as well as their geographical scope.

PSD2 is a European Commission project in collaboration with the European Banking Authority and is much larger in scope, spanning all members of the European Union and all banks and Payment Service Providers (PSPs) in those countries.

Although these initiatives will ultimately make payment transactions faster, easier and more secure, they both come with heavy regulations and will require banks and organizations to make changes - including adopting the latest technological advances - in order to maintain compliance.

For instance, one of the main purpose of these new regulations is to make mitigate the risk of fraud in payments. Requiring Strong Customer Authentication (SCA) through the use of Multi-Factor Authentication (MFA) is one way to achieve that. SCA enforces traditional security techniques (think passwords, SMS/Text confirmation codes) and is moving towards the use of bio metrics and other new methods of identity verification.

Another similarity between these initiatives is that they introduce regulations around the role of service providers. The new term for these regulated providers is Third Party Providers (TPPs).

Why are these new regulations important?

As these changes take hold, it is expected that they will open up new markets, make financial services available to new audiences and spur the development of new products that will bring value-added services to individuals and organizations. Together, these regulation are expected to take the UK and EU’s market into the digital age:

• Shopping online without the need for a payment card by initiating payment directly from a bank account
• Giving customers a holistic view of all accounts across all service providers
• Making it possible for an organization to analyze its customers’ financial data and provide information for possible loan applications

Overall, consumers will have a better understanding of their account portfolio and activity, giving them more options for streamlining their payments and ultimately their cash management.

What are the differences between Open Banking and PSD2?

PSD2 – the Second Payment Services Directive (PSD2) is a payments regulation that applies to Europe. It went live January 13, 2018. This is the second iteration of the Payment Services Directive, updated to take recent technological developments in banking and payments into consideration. For instance, it outlines that customer have a right to use Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs). Designed to better protect customers against fraud exposure, many of the updates include regulations around online banking and other e-commerce activities.

Open Banking – Open Banking improves the accuracy of personal financial guidance and the security of information transfer. This initiative is possible through the Open Banking Implementation Entity (OBIE) and went live in January 2018. Like PSD2, it also uses Application Programming Interfaces (APIs) to disseminate sensitive customer data in a secure manner. Based on a customer’s consent, banks and organizations will be able to use open banking APIs to monitor transactions and advise customers on cost savings or efficiencies they might be able to take advantage of. This is the first European collaboration of open APIs.

Timing is also different with the 2 initiatives. Although both rolled out in January of 2018, in the EU they have a long ramp up period and don’t need to be compliant until September 2019. In contrast, most of the top 9 UK banks were compliant in January of 2018.

What is the role of a Third Party Provider (TPP)?

A TPP can be a bank, a Fintech firm or even a large retailer or online merchant. TPPs typically performs one of two functions:

• Account Information Service Provider (AISP)
• Payment Initiation Service Provider (PISP)

Sometimes they can be both. Whatever function/s the TPP decides to embody, it must adhere to the regulations that are overseen by a local financial services regulator. For instance, in the UK the TPP would have to be certified by the FCA (mentioned above) and in the EU the TPP would have to be certified by the regulatory body in its country of origin.

What are Payment Initiation Services (PISs)?

PISs monitor e-commerce activities including online and mobile payments. They open up the use of direct bank account payments and types of payments other than card – giving consumers more choices. Merchants also benefit from enhanced security and the use of instant payments increasing efficiencies.

What are Account Information Services (AISs)?

AISs provide a vehicle for new technological developments and the trend of customers having multiple accounts with many providers. AISs let customers share financial data with TPPs to give them a better understanding of their financial activities and help them maximize their account portfolio.

What are Application Programming Interfaces (APIs) and why are they important?

APIs allow for secure data-sharing across online platforms. They are important because they define how different technologies interact and facilitate a customer-driven experience in which the customer can decide what information can be shared and with whom. APIs are well-established and are widely used by organizations on a daily basis.

What else should I know about Open Banking and PSD2?

Initially there was an effort between the drivers of Open Banking and PSD2 to align the two initiatives, but the fundamental differences prevented a smooth collaboration. In order to implement Open Banking in the UK, the Competition and Markets Authority required that the 9 banks involved in the initial roll out develop a common API for standardization. This allows for TPPs to easily connect and share data across the financial institutions. As a contract, the European Commission is taking a different approach with PSD2, leaving those related APIs for the market to define. This is causing some disconnect and may lead to the adoption of the UK model.

For a deeper dive into these new UK and European payment initiatives and how they might affect transactions globally, download the full white paper “Changing the Way Businesses Pay and Get Paid”.

To stay on top of the latest trends in business payments, subscribe now and don’t miss a beat.


Posted by

Germaine Lang

Germaine Lang is the Managing Editor of SmartPayments with a strong creative and technical writing background across many industries. She also works to engage customers and relate their experiences with vendor products and services, positioning them as innovative thought leaders.
Browse all posts
footer curve