Open Banking, PSD2 and the law of unintended consequences
So, January 13th 2018 came and went and as we sit in early spring there has been not much more than a trickle of providers and customers making use of Open Banking and PSD2. One could argue that the reasons behind the somewhat underwhelming uptake is due to some of the big banks in the UK not being ready, and in Europe as a whole nothing will really happen until the RTS’ (Regulatory Technical Standards) come into force, sometime next year. The reality is probably nothing to do with either and the lack of uptake is at best customers not knowing about it and at worst not actually wanting it or indeed needing it. To those who passionately believe in Open Banking and what it means for the customer, like myself, this cynical view may come as somewhat as a surprise. So let me explain why I think we are where we are and what I think will ultimately happen.
Both PSD2 and Open banking have been driven by various regulatory bodies with the belief that the customer wants and needs more competition in the provision of payments and general banking services. In the UK in particular the CMA (Competition and Markets Authority) stated the case that the low uptake of account switching was due to inertia around the process and the lack of alternatives. API enabled product information and consensual sharing of data was the answer to removing the inertia, making it easier for customers to move from one bank to another. My prediction is that we will not see a significant increase in account switching because one current account looks very much like another current account whether it is provided by Barclays or Starling or any other bank. There are very, very few differentiating features when considering current account, savings accounts and other day to day banking products.
Banking as we know it ... or?
As a backdrop to the regulatory drivers, much of the industry speculation and commentary has centred around the ‘death of banking as we know it’ and that the way has been paved for (tech) giants Google, Amazon, Facebook, Tencent and Apple to come in and sweep up. Well that could happen and is certainly possible if those organisations want to take on the partial regulatory burden, even if they do not go all the way and become deposit taking institutions. There is some logic in suggesting that it could be beneficial for them to become certified payment institutions so they can process their own payments, and there is greater logic still in them becoming Account Information Service providers. Not just so that they can offer financial products, but to understand how and where we spend our money. Let’s not forget that for most of them, their revenue is generated from advertising which is unlikely to be replaced or significantly enhanced by them through offering banking products.
The next suggestion was that there was going to be thousands upon thousands of new Third Party Processors (TPPs) who will overnight take business away from banks. Really? There are three main impediments for this being the case. Firstly, these organisations need to be regulated to provide either AIS or PIS services. Secondly, they need to have very, very deep pockets for a marketing budget to get customers to know who they are. To put this into context, over 60% of all apps on the apple app store have never been downloaded once! Last but not least, there is that ‘little issue of trust’ – even if customers know who you are and you have a regulatory licence, am they likely to allow you access to their bank account, especially considering the growing threat of cybersecurity?
Incumbent banks joining the race.
So, who will be the winners? Well, it will be the customers, but not for the reasons the regulators intended, or indeed via their attempts to increase competition.
The law of unintended consequences rears its head and the biggest winners will be the incumbent banks. The reasons lie in the explanation as to why the others will ultimately fail. Banks are regulated; they have millions of customers and despite the commentary that often suggests otherwise, customers might not be thrilled by them, but they do still trust them. If the banks seize the moment, not only can they see off the threat of new entrants, they can deepen their relationships with their existing customers and use Open Banking as a way of acquiring new customers and generating new revenue streams.
If Banks take the opportunity to act as TPPs themselves, they now “at last” have the opportunity of understanding what their customers do with other competitive Banks, and indeed other types of organisations in a new world of data sharing. They have the opportunity to transform from being the trusted custodians of our money to being the trusted custodians of our data. Open Banking, Open Data and GDPR enables Banks to offer their customers much more meaningful services built on consensual access to the customers data that can be combined and analysed to help them choose the right products and services. Moreover, Banks could truly act on behalf of the customer, rather than simply trying to sell them one of their own manufactured products. The transformation should see Banks move into the world of being trusted brokers and facilitators to help customers get what they need, rather than what the Bank wants to sell to them.
Consent is key.
The critical success factor for Open Banking is trust and a key driver to building trust is ensuring data is not lost or stolen, but that it is also only used for the purposes that customers ‘allow’ it to be used for. Consent becomes the key service enabler for trust. The complexities of managing consent should not be underestimated. It is not as simple as the customer saying yes to access to their bank accounts, it is going to require consent for access to various sorts of data, retrieved from a wide range of sources to be combined for a specific use. For example a small business could provide the bank with consent to access data from both their accounting package, combined with data from their bank account(s) to be provided to a lender for the purposes of being provided with a line of credit. All of this ‘consent’ will need to be logged for audit purposes to ensure that data misuse has not occurred.
In summary, alongside the customer, banks are in a great position to be the winners of Open Banking, but that requires them to realise the opportunity and look beyond the present regulation towards the medium term. Open Banking is not another compliance issue, but a genuinely great opportunity for them to service their customers properly and dare I say it, as a consequence, make some money!