With respect to open banking, we recommend EU authorities to allow its development in Europe through coordinated market-led initiatives and not by regulation. Open banking should be based on API technology and on mutual benefits/reciprocity for all the parties involved in the ecosystem. In the specific area of payments, the appropriate first step should be to work on a payment data sharing model on a contractual and economically sustainable basis that does not go beyond what it is legally required by PSD2 and/or GDPR.

The current asymmetries in data access should be solved in a market-driven harmonised European framework. A multi-sectorial approach would be needed in order to fulfil consumer expectations, ensuring a level playing field for all players, mutual benefits and the highest standards of consumer protection. Significant investments were required that were not offset by a clear business case. As these infrastructures are now further maturing, ESBG believes that it is time to monetise them to develop services that go beyond PSD2. A flourishing datadriven market – be it in payments, broader financial services or between different industries – should be based on principles of mutual benefits and potential monetisation of services and infrastructure by all market participants as well as reciprocity.

As for the potential development of ‘open finance’ extending beyond payment accounts, and the development of a European data economy, financial services should not be considered in isolation, and data sharing should not be limited to financial services. The current asymmetries in data access should be solved in a harmonised European framework. A multi-sectorial approach would be needed in order to fulfil consumer expectations, ensuring a level playing field for all players, mutual benefits and the highest standards of consumer protection.

Identified Concerns

Banks have developed APIs that comply with PSD2 requirements. However, ESBG believes that unlike the situation in the US, PSD2 is not adapted to develop and strengthen open banking. On the one hand, PSD2 being a Directive has entailed fragmentation among member states. On the other hand, a flourishing datadriven market should be based on principles of reciprocity, mutual benefits and potential monetisation of services and infrastructure by all market participants.

The fact that PSD2 requires banks to grant third parties access to customer payment account data without being compensated for that does not outweigh the ensuing investments that banks need to make. A different approach than PSD2 should be taken, such as the one in the US, where industry standardisation and bilateral agreements are working as a catalyst for development on commercial terms.

Moreover, from a data privacy perspective, global BigTech companies’ existing data superiority combined with access to payments data is extremely concerning as it could lead to unintended negative outcomes for EU citizens. BigTech companies, indeed, are mostly un-regulated. Furthermore, the EBA determined that up to 53% of the FinTech sector financial services are not yet regulated (see EBA Discussion Paper on FinTech – 2017). This can ultimately become a risk not only from an economic, political, operational and privacy perspective but also from a consumer perspective.

The threat of undesired dependency increases when considering both growing global BigTech and many smaller unregulated entities’ interest in payments. There are reasons why this industry is regulated in the first place. Dependency on such actors for basic EU internal market functions underpinning the economy – starting from payments but likely expanding to consumer finance, mortgages and other financial services – may harm the European economy. ESBG believes EU regulators should follow the principle ‘same risks, same rules’. It is therefore important to find a balance between consumer protection and the EU’s competition potential.

Why Policymakers Should Act

Beyond PSD2 and on the road towards open banking and a data-sharing economy, there is need for a fairer foundation to be put be in place. An access scheme that clearly spells out rights and obligations, based on mutual benefits, can provide the necessary building block safeguarding the interests for all involved. For these developments to take place, the guiding principles should be the following:​

• Support the development of common API-standards, so that consumers can benefit from the safe availability of data. APIs should be the bespoke and preferred means of access to third-party data due to security, scalability and interoperability reasons;
• Ensure a level playing field by following the principle ‘same risks, same rules’;
• Put consumers at the centre of the market by ensuring they have a clear understanding of the risks and establish robust consumer protection measures;
• Ensure the safe and ethical collection and processing of data on commercial terms.​

Background

With the opening up of payment accounts data and infrastructure, PSD2 has paved the way for a new banking era. This, however, is only the first step towards the wider development of data sharing, both in the area of payments and financial services, and the broader economy. PSD2 only opened up payment accounts; there is no such a thing as open banking for the time being. As a consequence, banks have developed APIs that comply with PSD2 requirements. There is still a lot of fine-tuning to be made, such as supervisory convergence and the alignment with other pieces of legislation, such as the GDPR, which we believe to be sufficient for the sharing of data.