Zero PSD2 APIs are compliant with just weeks left before the deadline

 
Status of production APIs-2.jpg

In our final analysis of PDS2 APIs, we’ve found that none are compliant with the PSD2 requirements and obligations – the same result we reported from our last evaluation in June. And with less than a month before the final deadline, it is the millions of banking customers across Europe who will suffer the consequences.

Over the past few months, Tink has been analysing all of the major PSD2 APIs that have (or haven’t) been released by the banks in 12 markets. These APIs cover 90% of the population in these markets. The results have been dismal – and nothing has changed since June. 

In our forensic analysis of the availability and quality of the banks’ APIs, we’ve found clear and compelling evidence that the technology environment mandated by PSD2 is not ready – and the open banking movement is in danger of stalling as a result. 

Status of production APIs-2_blog.png

Our evaluation shows that only 15% meet the requirements laid out by PSD2’s technical specifications for a dedicated interface (basically APIs). This means that while the APIs fulfill the basic functionality specified in PSD2’s Regulatory Technical Standards (RTS), their quality, performance or user experience falls short of the requirements for compliance.

That was the good news. We’ve also found that 36% of the APIs contained serious technical issues – and 26% are completely inaccessible. 

The reality no one wants to see

Put simply, if third parties like Tink are forced to migrate to an API environment that is sub-standard, many consumers may find they are not able to use the online and mobile-based banking services they have become accustomed to over the past few years.

Lengthy authentication processes, poorly designed interfaces, and unreliable service will result in customers abandoning what should be exciting and frictionless third-party services. 

Now is the time to take stock now and be realistic – before it’s too late – to preserve the valuable aims of PSD2 to put consumers in control of their data. It’s the only way to make this massive effort and investment a success.

The call to action

With just weeks to go before the final deadline, we’re calling for flexibility around the PSD2 implementation deadline to avoid a cliff-edge scenario.

There have been encouraging signs from the national authorities responsible for PSD2 implementation in the UK, France and Germany – where they have announced that they’ll give banks more time to establish a safety net for their APIs. They will also allow third parties to keep using the existing customer interface (think: mobile banking app) until the safety net is in place – rather than relying on the PSD2 APIs.

We are now asking for the other European national authorities to follow suit – recognising the analysis and experience of third-party providers like Tink, and acknowledging that the PSD2 technology environments are not ready. 

We ask them to take the following urgent actions:

  1. Guarantee flexibility around the PSD2 implementation deadline. This includes refusing to grant fallback exemptions to banks whose APIs do not yet meet the required standards.  

  2. Foster stronger industry collaboration to solve the problem. This means working closely with third parties and financial institutions to address the current issues with the APIs, and in the meantime ensure that existing services offered by third parties are not disrupted.

A tough-love reality check

The fantastic opportunity we have in front of us is in danger. Failing on PSD2 will jeopardise the level playing field that it was designed to create. Most importantly, it will remove from consumers the choice and great customer experiences they have enjoyed. 

We can attest to the fact that a significant number of financial institutions we deal with want to improve their APIs. But they need time and guidance to produce a quality technology environment. And they need flexibility around the PSD2 deadline to avoid a cliff-edge scenario on the 14th September. 

With this deadline now just weeks away, we must acknowledge the reality of the situation. By taking stock and adopting a pragmatic approach, we can achieve more together in the long term.

 

Want tangible advice on how to prepare for the final deadline? Our integration experts have outlined six essential criteria to think about in order to create a good quality, regulation-proof bank API for PSD2. Click the image below to get the full list.

 
 

Sign up for our newsletter

By clicking sign up, you accept Tink’s privacy policy.