Zero PSD2 APIs are compliant with just weeks left before the deadline

5 min read|Published August 21, 2019
Office

In our final analysis of PDS2 APIs, we’ve found that none are compliant with the PSD2 requirements and obligations – the same result we reported from our last evaluation in June. And with less than a month before the final deadline, it is the millions of banking customers across Europe who will suffer the consequences.

Over the past few months, Tink has been analysing all of the major PSD2 APIs that have (or haven’t) been released by the banks in 12 markets. These APIs cover 90% of the population in these markets. The results have been dismal – and nothing has changed since June. 

In our forensic analysis of the availability and quality of the banks’ APIs, we’ve found clear and compelling evidence that the technology environment mandated by PSD2 is not ready – and the open banking movement is in danger of stalling as a result. 

In our final analysis of PDS2 APIs, we’ve found that none are compliant with the PSD2 requirements and obligations – the same result we reported from our last evaluation in June. And with less than a month before the final deadline, it is the millions of banking customers across Europe who will suffer the consequences.

Our evaluation shows that only 15% meet the requirements laid out by PSD2’s technical specifications for a dedicated interface (basically APIs). This means that while the APIs fulfill the basic functionality specified in PSD2’s Regulatory Technical Standards (RTS), their quality, performance or user experience falls short of the requirements for compliance.

That was the good news. We’ve also found that 36% of the APIs contained serious technical issues – and 26% are completely inaccessible. 

The reality no one wants to see

Put simply, if third parties like Tink are forced to migrate to an API environment that is sub-standard, many consumers may find they are not able to use the online and mobile-based banking services they have become accustomed to over the past few years.

Lengthy authentication processes, poorly designed interfaces, and unreliable service will result in customers abandoning what should be exciting and frictionless third-party services. 

Now is the time to take stock and be realistic – before it’s too late – to preserve the valuable aims of PSD2 to put consumers in control of their data. It’s the only way to make this massive effort and investment a success.

The call to action

With just weeks to go before the final deadline, we’re calling for flexibility around the PSD2 implementation deadline to avoid a cliff-edge scenario.

There have been encouraging signs from the national authorities responsible for PSD2 implementation in the UK, France and Germany – where they have announced that they’ll give banks more time to establish a safety net for their APIs. They will also allow third parties to keep using the existing customer interface (think: mobile banking app) until the safety net is in place – rather than relying on the PSD2 APIs.

We are now asking for the other European national authorities to follow suit – recognising the analysis and experience of third-party providers like Tink, and acknowledging that the PSD2 technology environments are not ready. 

We ask them to take the following urgent actions:

  1. Guarantee flexibility around the PSD2 implementation deadline. This includes refusing to grant fallback exemptions to banks whose APIs do not yet meet the required standards.  

  2. Foster stronger industry collaboration to solve the problem. This means working closely with third parties and financial institutions to address the current issues with the APIs, and in the meantime ensure that existing services offered by third parties are not disrupted.

A tough-love reality check

The fantastic opportunity we have in front of us is in danger. Failing on PSD2 will jeopardise the level playing field that it was designed to create. Most importantly, it will remove from consumers the choice and great customer experiences they have enjoyed. 

We can attest to the fact that a significant number of financial institutions we deal with want to improve their APIs. But they need time and guidance to produce a quality technology environment. And they need flexibility around the PSD2 deadline to avoid a cliff-edge scenario on the 14th September. 

With this deadline now just weeks away, we must acknowledge the reality of the situation. By taking stock and adopting a pragmatic approach, we can achieve more together in the long term.

More in Open banking

This image depicts a woman at a desk, holding a phone in position to scan the QR code of a paper invoice.
2024-03-07 · 6 min read
Smart moves with smart meters: how commercial VRP could support pay-as-you-use billing models

Discover how variable recurring payments can transform smart meter billing into a more flexible user experience – and utility providers more ways to support financially vulnerable customers.

Open banking
This image depicts a medium closeup of a woman standing with her back to a building, reading something on her mobile phone.
2024-03-05 · 5 min read
Serving younger borrowers: the impact of inaccessible lending

Streamline risk decisioning as a lender to lower operating costs using data-driven, digital loan origination, affordability assessment and income verification.

Open banking
EU flag
2024-02-21 · 10 min read
The full SPAA treatment – Tink signs up for new EU scheme

Tink has become one of the first participants of the European Payments Council’s SPAA scheme. We explain why SPAA was needed and how it could be the catalyst to transform account-to-account payments in the European Union.

Open banking

Get started with Tink

Contact our team to learn more about what we can help you build – or create an account to get started right away.

Rocket