Christopher Kong: PSD2 Means Opportunity

psd2

Big changes ahead in European payments— but not everyone is ready. Image: Shutterstock

The Revised Directive on Payment Services (PSD2) has generated a great deal of news lately, as banks and payments providers in the European Union prepare (and in some cases, panic) for the 2018 compliance deadline.

PSD2 is the next part of a long-term plan for harmonization between different payment schemes in Europe. The directive is intended to simplify payments services and increase competition by allowing non-bank payment service providers into the market by requiring each bank to provide API services and third party access to accounts.

Our guest today has seen firsthand the potential trials and opportunities this oncoming change has wrought in the banking industry.

Christopher Kong is a Senior Consultant with Icon Solutions, and former Head of Payments Innovation at the Royal Bank of Scotland Group. He currently specializes in advising global and challenger banks, as well as fintech firms on how to adapt or innovate with this game-changing legislation.

Ripple Insights: What has your experience been with banks preparing for PSD2?

On top of the continuing fines and the decades-late internal technology transformation activity that was required after 2008, banks in Europe are now having to eat an extra slice of regulation.  That’s quite a lot for classically conservative organizations with legacy issues, cost and time pressures to deal with all at once. It’s even harder to prioritize which activity needs to come first.

Each bank in every member state in Europe needs to implement the directive; 27 countries plus Great Britain. So, as the clock winds down we’ll probably see this topic getting bigger each month until 2018.

In my observations, I’ve seen that most banks are going through something like the seven stages of grief. First shock, then denial, and then lawyers. What has followed is recognition that they must comply, a bit of mild panic, and finally getting to acceptance. Some are now starting to invest and form proper strategies beyond just being compliant.

The banks that are on top of their game are using this directive to support the development of great solutions and are looking to create new products, networks and partnerships with new revenue models.   

So, now that banks have gotten used to the idea, we can start to see the advantages PSD2 will bring. How would you say this is an opportunity for the bigger players?

There are a few ways of looking at it. Bigger players could elect to do nothing, but will take on fines and risk even bigger losses of business later. They could choose to do the bare minimum that’s required: just publish an API and let everyone else go forward with customer innovations. They could also try to use the APIs of other banks, and aggregate the payments and data, but that’s just a ‘me too’ play, and I think they’ll always lose the UX/UI game against a more nimble, less risk-averse provider.

The best, most adaptive banking players are considering how they can improve customer experiences by doing more than just the minimum; doing something different and value-adding like new products. Organizationally, they’re working on moving the mountain, both in terms of technology and developer talent. They’re also thinking deeply about how their strategic and business model revenue lines need to adapt and in some cases, migrate products and services to the wider API economy.

A key strategy for the winning banks will be those that build a new business line early to partner or offer services to Google, Apple, Facebook, or Amazon or any other large platform. This would open up larger parts of the digital market where customers have more frequent daily interactions, rather forcing them back to their own channels and apps. That said, I’d be a bit worried about one of these players using my bank data to sell to merchants.

Ultimately, PSD2 will provide choice, and the customers will choose the winners. If consumers or corporates get to view their own and aggregated data openly and to compare offers in real-time, fees will drop. The best customer experience will survive. The new world will be very competitive.

So, the way you see it, user experience is going to be what wins the game?

Absolutely! Banks will lose their grip on these previously tightly controlled 1:1 relationships as people gain the freedom to choose services that already work, that they trust, and can innovate: like PayPal.  The traditional banking mindset of “owning” a customer so that all their financial services are with one single bank, is going to change.

Some online payment experiences will change. Today, in a fully digital or online transaction, a customer will manually enter a static card number, and then all their billing information. It’s a painful and anachronistic experience. We are about to see the end of that.

After PSD2, we’ll now have payments APIs and data APIs, that the E.U. says you can use without a contract, so there’s no longer a need for card or card schemes to be involved for online payments. Customers, merchants and third parties will now be able to operate directly via APIs and have less domain lock-out.

There’s probably still going to be a short period when the European banking API landscape looks like a fintech Star Wars cantina, with differing API standards in different formats.

Rather than going their own separate ways, some banks may be proactive and collaborate early in their own markets to create a common new online API wallet brand. We’ve seen this before with Swish, but then they had a lot more time than 14 months to think about how to get it right.

Are there any emerging product companies that you see poised to take advantage of this regulation?

PayPal is a great example. They are slightly ‘old school’ now, but are already focused on the future and have a significant advantage having previously invested in the technology of payments, such as easy APIs and sign-up via Braintree.

The change in mandatory APIs and service access will help them engage and monetize even deeper with their consumer base and provide richer experiences to their customers. That said, third parties still need banks. No one wants to get a new banking license or deal with high regulation, if they don’t need to.

As consumers, clients and merchants get used to new real-time data, the traditional banks and other players will need to stop working with old school tech and get behind what PayPal and other third parties do well; service-oriented architecture and seamlessness.

I’m not going to be too wild with the predicted combinations of players we’ll see post-PSD2, but something I would love to see is banks, Airbnb and Ripple working together. The travel and currency conversions needed per transaction just seems obvious to me. Why do we need a physical card to be involved at all?

Also, we can expect to see payments integrations for P2P and FX P2P over WhatsApp or iMessage-ing to split a bill. We can expect more clarity and recommendations from maybe Google AI for the best accounts and services to switch to in the next year or for a crowdfunded mortgage. Further down the road, you may be able to have a conversation with Amazon Echo’s Alexa about your bank statement. That’s hopefully where we’ll be in 2018.

The best banks realize they can offer these third-party integrations without a decline in revenue.

So PSD2 is a threat to cards and card networks?

It’s a massive threat. There is a very specific part of PSD2 that says that all payments must have strong customer authentication, at the time of payment authorization. That means some existing card online security systems are no longer sufficient under PSD2 requirements and that ‘card not present’ charges will be out of play.

Issuers don’t want to change their current secure systems to upset an accepted user experience. However, if their current security is deemed to be compliant, then I think merchants have a very strong case to claim back their ‘card not present’ fees from the last few decades. This puts cards between a rock and a hard place. The easier solution is just to not use a card and use better mobile security with APIs, for online transactions. That’s a solution trend we have been spotting recently.

That said, in physical transactions, I previously worked on designing and implementing Europay, Mastercard Visa (EMV), Near-field communication (NFC) and Host Card Emulation (HCE) with a London transit project. Card technology has been optimized and I think they’re pretty much the most user-friendly and frictionless physical payments we can get. So I can’t see that customer behavior with contactless payments going anywhere soon. We’ll just see a more pronounced split between physical cards payments and online API payments businesses.

We should bear in mind that bank API services will be mandated by the E.U. to provide their third party services with no contractual terms; to provide mandatory APIs effectively for free. Charging the kinds of online card fees we see today for processing payments is going to be all but impossible. There may be a struggle for those in the cards online value chain to continue justifications for high fees compared to the new free(ish) APIs after PSD2.

Visa, MasterCard, and American Express have all been very quiet about PSD2. Maybe that’s because they’re quietly confident, maybe it’s that they don’t want to rock the boat. In that silence, no real leading payment product or solutions have emerged, there’s no fast mover making headway. PSD2 could create wholly new market entrants for non-card payment schemes, as well, and it’s probably about time.

Where do you see Ripple in this conversation?

Some banks are realizing that in a digital payments world, they don’t have to use the old ACH networks, the card networks or international payment networks to connect their backend and messaging. Once a bank adopts new business models and modern technology properly and after a few fast fails, there’s usually an organizational mindset change. They can literally switch over and bring new products to market quite quickly, particularly if they aren’t protecting legacy revenue.

Ripple is genuinely one of the few companies that has put their necks out recently to take on a previously ‘untouchable’ market.. For that reason alone, I respect the ambition.  Other banks that have previously been having to use bigger correspondent banks for FX (costs/volume), now actually have a technologically and cost effective alternative.  Some banks will see a loss of their existing FX margins and volumes eroded as financial institutions and customers may now be able to dynamically select the lowest cost provider per transaction.

PSD2 Article 2 says all currencies and originated payments within the E.U. are in scope. Article 45 says that the banks must show maximum execution time, all charges and the actual or reference exchange rate. Also, the Draft RTS in Article 18 says all transactions should be traceable with a timestamp. So, we know what the banks have been told to implement, and as far as I’m aware, only Ripple and maybe SWIFT GPI would provide an easy solution for these requirements.

So what does the future look like? What lies beyond PSD2?

Personally, I think FX will become much more important in PSD3. Once APIs become more ubiquitous and the easier more transparent cross-border becomes the norm, then it’s not a short spell away to FX API access between other continents.

If we get a PSD3, then banks who have only done the minimum changes to comply with PSD2 will then have to start their seven stages cycle all over again. It’s genuinely easier to use PSD2 now as a future-proofing exercise and invest the time and effort properly.  Looking at the increasing number of technology focused regulations and directives that have come out recently from the E.U., like eIDAS or General Date Protection Regulation (GDPR) etc, the E.U. is not likely to cease the momentum. This is even more reason for banks to not think this is a one-time deal, or that it’ll settle down after PSD2 or that market technology will stop being progressed outside of their walls.

To think about the future, I watch trends. Some things I’ve noticed lately include the idea that data is vital and repeatable machine processing is vital to cost reduction and massive volume growth. That’s how fintechs have seemingly market made, expanded into other territories at breakneck speeds and eaten whole other industries that couldn’t catch up after first contact.  American banks in Europe are lucky as they learning how this works, seeing the value add and the market being made, without having any direct regulation on them yet.  

Hopefully, we’re going to see practices of open APIs and data sharing spread to the U.S. because of that and hopefully not as delayed as EMV or Faster Payments has taken to get over the pond. Also, banks in Japan have been super proactive and have had really good best practice research efforts. They have been tracking this kind of regulation and forming coalitions between government and business for better solutions for years now. The Japanese central bank is looking into domestic ACH on blockchain, that’s not happening just through regulation, but through the market players choosing to engage.  Interactions with the E.U. market as well as trading with Europe will involve an API relationship very quickly after 2018.

The American and Japanese authorities have wisely chosen to include blockchain solutions in their horizon planning – unfortunately, I think the EU has been a little too early for their legislations before blockchain solutions started to properly mature, so I would expect blockchain and crypto-currency solutions to come into legislation for PSD3.  Beyond that, global blockchain interoperability standards may be next.

In the end, I believe the bigger banks will win out over some smaller banks because of existing trust. Challenger banks will be the first to market because they’re naturally more agile. They will likely be first in with better APIs, better user interface technologies, and enriched experiences. The bigger banks will start off copying that, and then probably acquire smaller banks and fintech challengers to absorb those better API sets. As for GAFA, who knows? Maybe we’ll all be banking via Facebook in 2020.

Christopher Kong is a Senior Consultant with Icon Solutions. This interview is part of our series on leaders in our industry. For more like this, please subscribe to Ripple Insights.