What a missed PSD2 deadline says about the challenge of implementation
Update: We tested the banks' PSD2 APIs again in August, with just weeks to go until the final deadline – here were the results.
One of the two biggest PSD2 deadlines just whizzed by on 14 March without much fanfare – and more importantly – without the compliance of 41% of the European banks we surveyed in 10 markets. Many will point fingers at those who failed to comply. But what it really highlights is that despite deep pockets and plenty of resources, the demands that PSD2 places on banks are monumental.
Last Thursday was the deadline for all banks to provide a testing environment – or “sandbox” – for third-party service providers (TPPs), so they get a chance to test the APIs that banks expect them to use once the big 14 September deadline arrives.
Now, a majority of the biggest European banks opened up their sandboxes on time. But what the results of this race to the interim 14 March deadline really show is that banks of all sizes are struggling to deal with short timelines in order to satisfy a wide range of needs – their own need to be in control of the data; the TPPs need to have access; and the politicians’ need to have a fair market environment in the timeline they’ve laid out.
For the 41% of the banks that didn’t make it, the consequences could hurt.
There are penalties laid out by the European Banking Authority (EBA) for those who miss the deadline. Those in breach of the law will have to provide a fallback mechanism (aka direct access) – a costly investment on top of the dedicated interface (think: API) that the banks have been pushing for – so TPPs have another way to access accounts and perform payment initiation services.
Those who will fail to fulfil the requirements could face an audit and prosecution by national authorities.
These penalties are severe because the banks who don’t comply are essentially inhibiting TPPs from offering aggregation and payment initiation services – and bank customers from taking advantage of these services. And because once it was decided this was the direction we were all going with PSD2 – toward better consumer protection, more innovation and more competition – we all became dependent on each other to get there.
For TPPs and open banking platform providers like Tink, the missed deadline also potentially means disruptions to our businesses and customers. After all, we’re all required to use the bank’s dedicated interface by 14th September deadline. And if we can’t get in there and start testing them, then it forces us to continue to rely on the fallback mechanisms that we’ve always used – rather than the open APIs the banks would prefer we use.
Everyone involved in open banking is heavily invested in realising the future we all envision for the industry. And the knock-on effect of a missed deadline is big – for banks, fintechs and for consumers.
The already arduous requirements will be compounded with additional ones designed to penalise. The costs will increase as the timeline stretches out. And it will hinder everyone’s ability to offer better services to consumers.
There’s also a risk for missing the big deadline in September – and for this paradigm shift, that was meant to happen now, to take much longer and cost much more.
We surveyed 442 European banks across 10 markets (Germany, Spain, UK, France, Belgium, the Netherlands and the Nordics) on March 15. We found that 59% had made their PSD2 testing environments available on time, while 41% had not. The 442 banks that we surveyed cover more than 90% of the consumers in each of these 10 markets.
The statistics include banks where a) the testing environment was completely absent and not available via a sandbox service provider, b) the TPP registration form to receive access to the testing interface could not be found via the bank home page or via an internet search engine, and c) after registration Tink had not received access by March 15.
Sign up for our newsletter