Digitalisation is a major driver for innovation and will inevitably accelerate in the future. It is important that banks are able to innovate and compete on equal footing with each other and also with other non-bank players.
With respect to open banking, we recommend EU authorities to allow its development in Europe through coordinated market-led initiatives and not by regulation. Open banking should be based on API technology and on mutual benefits/reciprocity for all the parties involved in the ecosystem. In the specific area of payments, the appropriate first step should be to work on a payment data sharing model on a contractual and economically sustainable basis that does not go beyond what it is legally required by PSD2 and/or GDPR.
The current asymmetries in data access should be solved in a market-driven harmonised European framework. A multi-sectorial approach would be needed in order to fulfil consumer expectations, ensuring a level playing field for all players, mutual benefits and the highest standards of consumer protection. Significant investments were required that were not offset by a clear business case. As these infrastructures are now further maturing, ESBG believes that it is time to monetise them to develop services that go beyond PSD2. A flourishing datadriven market – be it in payments, broader financial services or between different industries – should be based on principles of mutual benefits and potential monetisation of services and infrastructure by all market participants as well as reciprocity.
As for the potential development of ‘open finance’ extending beyond payment accounts, and the development of a European data economy, financial services should not be considered in isolation, and data sharing should not be limited to financial services. The current asymmetries in data access should be solved in a harmonised European framework. A multi-sectorial approach would be needed in order to fulfil consumer expectations, ensuring a level playing field for all players, mutual benefits and the highest standards of consumer protection.
Identified Concerns
Banks have developed APIs that comply with PSD2 requirements. However, ESBG believes that unlike the situation in the US, PSD2 is not adapted to develop and strengthen open banking. On the one hand, PSD2 being a Directive has entailed fragmentation among member states. On the other hand, a flourishing datadriven market should be based on principles of reciprocity, mutual benefits and potential monetisation of services and infrastructure by all market participants.
The fact that PSD2 requires banks to grant third parties access to customer payment account data without being compensated for that does not outweigh the ensuing investments that banks need to make. A different approach than PSD2 should be taken, such as the one in the US, where industry standardisation and bilateral agreements are working as a catalyst for development on commercial terms.
Moreover, from a data privacy perspective, global BigTech companies’ existing data superiority combined with access to payments data is extremely concerning as it could lead to unintended negative outcomes for EU citizens. BigTech companies, indeed, are mostly un-regulated. Furthermore, the EBA determined that up to 53% of the FinTech sector financial services are not yet regulated (see EBA Discussion Paper on FinTech – 2017). This can ultimately become a risk not only from an economic, political, operational and privacy perspective but also from a consumer perspective.
The threat of undesired dependency increases when considering both growing global BigTech and many smaller unregulated entities’ interest in payments. There are reasons why this industry is regulated in the first place. Dependency on such actors for basic EU internal market functions underpinning the economy – starting from payments but likely expanding to consumer finance, mortgages and other financial services – may harm the European economy. ESBG believes EU regulators should follow the principle ‘same risks, same rules’. It is therefore important to find a balance between consumer protection and the EU’s competition potential.
Why Policymakers Should Act
Beyond PSD2 and on the road towards open banking and a data-sharing economy, there is need for a fairer foundation to be put be in place. An access scheme that clearly spells out rights and obligations, based on mutual benefits, can provide the necessary building block safeguarding the interests for all involved. For these developments to take place, the guiding principles should be the following:
- Support the development of common API-standards, so that consumers can benefit from the safe availability of data. APIs should be the bespoke and preferred means of access to third-party data due to security, scalability and interoperability reasons;
- Ensure a level playing field by following the principle ‘same risks, same rules’;
- Put consumers at the centre of the market by ensuring they have a clear understanding of the risks and establish robust consumer protection measures;
- Ensure the safe and ethical collection and processing of data on commercial terms.
Background
With the opening up of payment accounts data and infrastructure, PSD2 has paved the way for a new banking era. This, however, is only the first step towards the wider development of data sharing, both in the area of payments and financial services, and the broader economy. PSD2 only opened up payment accounts; there is no such a thing as open banking for the time being. As a consequence, banks have developed APIs that comply with PSD2 requirements. There is still a lot of fine-tuning to be made, such as supervisory convergence and the alignment with other pieces of legislation, such as the GDPR, which we believe to be sufficient for the sharing of data.
related
European Banking Authority (EBA) on ESG risk management
The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the European Banking Authority (EBA). ESBG insists on the need for consitency with CSRD and CSDDD, the addressees of this guideline should also
Enhancing Transparency in Bank Disclosures: ESBG delivers comprehensive response to the EBA’s Pillar 3 data hub consultation
On 14 December 2023, the European Banking Authority (EBA) published a discussion paper on the Pillar 3 data hub processes and its possible practical implications.
IASB Exposure Draft (ED) on Financial Instruments with Characteristics of Equity
On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle challenges in financial reporting for instruments with both
ESBG’s response to the EFRAG Comment Letter on Financial Instruments with Characteristics of Equity
On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle
ESBG advocates for increased clarity and streamlining of supervisory reporting requirements
On 14 March, ESBG submitted its response to the European Banking Authority (EBA) consultation on ITS amending Commission Implementation Regulation (EU) 2021/451 regarding supervisory reporting
WSBI-ESBG advocates for robust implementation of the BCBS Pillar 3 framework for climate-related financial risks
On 14 March, WSBI-ESBG submitted its response to the Basel Committee on Banking Supervision (BCBS) consultation on its Pillar 3 disclosure framework for climate-related financial risks
ESBG stresses the need for consistency and clarity in its Response to the SFDR Review Consultation
ESBG submitted its response to the European Commission’s consultation on the SFDR review, aiming to enhance transparency in sustainability-related disclosures within the financial services sector
ESBG response to the EBA’s consultation on Guidelines on preventing the abuse of funds and certain crypto-assets transfers for ML/TF
The guidelines on the “travel rule” delineate the actions that Payment Service Providers (PSPs), Intermediary PSPs
ESBG responds to the SRB consultation on the future MREL policy
The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the Single Resolution Board (SRB) in December 2023 on the future of the Minimum Requirement for own funds
ESBG’s response to the Commission’s consultation on the GDPR
The primary EU legislation ensuring the fundamental right to data protection is the General Data Protection Regulation