As we have underlined before, an extended transition period will greatly help to secure Open Banking and properly implement the much needed PSD2 legislation on Strong Customer Authentication (SCA). On that regard, the UK’s Financial Conduct Authority (FCA) has been the first national authority to respond to those demands from banks and third parties and recently kicked down the September 14th deadline with an additional six-month transition period.
Analyses performed over the summer months point out that nothing has changed concerning the technology needed to properly implement PSD2. Furthermore, no APIs are fully ready according to the new regulation’s mandate, and only one out of four is functional, yet not all requirements are operational or in place as of today.
Banks and third parties have spent 2019 working to build user-driven services for their customers in a race against time to reach production-level dedicated interfaces (APIs) that meet the regulatory technical standards (RTS).
This, however, has been a bumpy road, starting with the fact that not many banks deployed a sandbox interface to enable AISPs and PSPs to test their software and applications before using the production API. Furthermore, there is also a growing concern over the quantity and quality of information exposed by the banks through their dedicated interfaces. This discrepancy on the amount of data is a potential blockade on third-party providers’ (TPPs) capacity to innovate or reach customers.
The race against time depends on polishing these friction points and addressing the repetitions and severe errors made up to this day. Successful implementation of PSD2 not only requires fulfilling the RTS but to also boost quality, performance and user experience without damaging current fintechs’ operations.
With just two weeks to go before the final September 14th deadline, we believe flexibility is much needed around implementation and we align with the decision made by UK’s FCA to avoid a lose-lose situation.
The UK’s FCA plan reflects the recent opinion of the European Banking Authority (EBA), as well as the demands from many other national regulators such as France and Germany, which set out that more time was required to implement SCA given the complexity of the technical requirements, a lack of readiness and the potential for a significant impact on consumers’ experience.
PSD2 will put customers in control of their data and should allow them to use their online and mobile-based banking and fintech services as they did for the past few years. Unreliability will gravely impact their experience and might cause abandoning of third-party services.
That being said, the FCA has not only decided on a six-month transition period for the Open Banking adjustment period. Just one day after that ruling, the regulator has also agreed on an 18-month plan for SCA implementation with the e-commerce industry of card issuers, payments firms, and online retailers.
Accordingly, the FCA will not take enforcement action against companies within those areas covered by the plan. We believe the FCA’s assessment represents the best way to protect PSD2’s spirit of openness while caring not to expose third-parties, fintechs, and financial service providers to a potentially damaging business disruption due to early implementation without a safety net. Additionally, customers will not be affected meanwhile, and they will be able to continue using the existing interfaces as the new technology environments are properly finalized.
Lastly, flexibility around the deadline would greatly benefit from fostering collaboration within the industry. Banks, third-party providers and financial services must address these obstacles together and closely develop solutions for the APIs where their businesses will be grown in the future.