Open BankingUpdated: October 2020 |
PROPOSED SOLUTIONS AND ACTIONS
Digitalisation is a major driver for innovation and will inevitably accelerate in the future. It is important that
banks are able to innovate and compete on equal footing with each other and also with other non-bank
players. With respect to open banking, we recommend EU authorities to allow its development in Europe
through coordinated market-led initiatives and not by regulation. Open banking should be based on API
technology and on mutual benefits/reciprocity for all the parties involved in the ecosystem. In the specific area
of payments, the appropriate first step should be to work on a payment data sharing model on a contractual
and economically sustainable basis that does not go beyond what it is legally required by PSD2 and/or GDPR.
The current asymmetries in data access should be solved in a market-driven harmonised European framework.
A multi-sectorial approach would be needed in order to fulfil consumer expectations, ensuring a level playing
field for all players, mutual benefits and the highest standards of consumer protection. Significant investments
were required that were not offset by a clear business case. As these infrastructures are now further maturing,
ESBG believes that it is time to monetise them to develop services that go beyond PSD2. A flourishing datadriven market – be it in payments, broader financial services or between different industries – should be based
on principles of mutual benefits and potential monetisation of services and infrastructure by all market
participants as well as reciprocity.
As for the potential development of ‘open finance’ extending beyond payment accounts, and the
development of a European data economy, financial services should not be considered in isolation, and data
sharing should not be limited to financial services. The current asymmetries in data access should be solved
in a harmonised European framework. A multi-sectorial approach would be needed in order to fulfil consumer
expectations, ensuring a level playing field for all players, mutual benefits and the highest standards of
consumer protection.
IDENTIFIED CONCERNS
Banks have developed APIs that comply with PSD2 requirements. However, ESBG believes that unlike the
situation in the US, PSD2 is not adapted to develop and strengthen open banking. On the one hand, PSD2
being a Directive has entailed fragmentation among member states. On the other hand, a flourishing datadriven market should be based on principles of reciprocity, mutual benefits and potential monetisation of
services and infrastructure by all market participants.
The fact that PSD2 requires banks to grant third parties access to customer payment account data without
being compensated for that does not outweigh the ensuing investments that banks need to make. A different
approach than PSD2 should be taken, such as the one in the US, where industry standardisation and bilateral
agreements are working as a catalyst for development on commercial terms.
Moreover, from a data privacy perspective, global BigTech companies’ existing data superiority combined with
access to payments data is extremely concerning as it could lead to unintended negative outcomes for EU
citizens. BigTech companies, indeed, are mostly un-regulated. Furthermore, the EBA determined that up to 53%
of the FinTech sector financial services are not yet regulated (see EBA Discussion Paper on FinTech – 2017).
This can ultimately become a risk not only from an economic, political, operational and privacy perspective
but also from a consumer perspective.
The threat of undesired dependency increases when considering both growing global BigTech and many
smaller unregulated entities’ interest in payments. There are reasons why this industry is regulated in the first
place. Dependency on such actors for basic EU internal market functions underpinning the economy
– starting from payments but likely expanding to consumer finance, mortgages and other financial services –
may harm the European economy. ESBG believes EU regulators should follow the principle ‘same risks, same
rules’. It is therefore important to find a balance between consumer protection and the EU’s competition
potential.
WHY POLICYMAKERS SHOULD ACT
Beyond PSD2 and on the road towards open banking and a data sharing economy, there is need for a fairer foundation to be put be in place. An access scheme that clearly spells out rights and obligations, based on mutual benefits, can provide the necessary building block safeguarding the interests for all involved. For these developments to take place, the guiding principles should be the following:
- Support the development of common API-standards, so that consumers can benefit from
the safe availability of data. APIs should be the bespoke and preferred means of access to
third-party data due to security, scalability and interoperability reasons;
- Ensure a level playing field by following the principle ‘same risks, same rules’;
- Put consumers at the centre of the market by ensuring they have a clear understanding of
the risks and establish robust consumer protection measures;
- Ensure the safe and ethical collection and processing of data on commercial terms.
BACKGROUND
With the opening up of payment accounts data and infrastructure, PSD2 has paved the way for a new
banking era. This, however, is only the first step towards the wider development of data sharing, both in the
area of payments and financial services, and the broader economy. PSD2 only opened up payment accounts;
there is no such a thing as open banking for the time being. As a consequence, banks have developed APIs
that comply with PSD2 requirements. There is still a lot of fine-tuning to be made, such as supervisory
convergence and the alignment with other pieces of legislation, such as the GDPR, which we believe to be
sufficient for the sharing of data.