Yapily’s recommendations for minimum open banking API requirements in the EU

PSD2 was introduced five years ago, but there's been inconsistent application by national regulators and governments across Europe. To ensure open banking thrives, we've submitted six baseline requirements for the European Commission to consider when updating regulation.

Around five years ago, the European Commission introduced the Payment Services Directive 2 (or PSD2) to better align payment regulation with the latest market and technology developments. There’s no doubt that PSD2 has fostered innovation across the European payments landscape, encouraging more competition and the development of new solutions for consumers and businesses.

However, inconsistent application of PSD2 by national regulators and governments has led to a fragmented open banking experience. As a result, market readiness varies significantly across Europe, creating headaches for financial institutions, payment service providers, and businesses from SMEs to enterprises.

Want to learn more about open banking across Europe? Check out our Open Banking League Table to see how 18 countries rank on a 10-point scale.

Whilst it’s important to take stock of progress over the last five years (which we’ve done here), it’s also important we contemplate what more can be done to ensure that consumers are given better choices as open banking continues to evolve.

This summer, we are expecting the European Commission to publish a report on the success of PSD2 and their recommendations for updates to the regulation or a broader PSD3 that could start laying the foundations for Open Finance. In this context, we have the opportunity to not only resolve some of the systemic issues that have surfaced, but to keep up with the growth of new payment technologies and shifts in consumer behaviour as the open banking ecosystem continues to grow at pace.

So, how do we ensure open banking can thrive - whatever the report outcome might be?

6 things that will enable open banking to thrive in 2023

As a founding member of the Open Finance Association, we are committed to furthering open finance in the UK and EU and empowering consumers and businesses to make better use of their financial data and payments. Here are six baseline open banking requirements that we believe must be implemented for open banking to thrive. These have been submitted to the European Commission for consideration.

1. Increase conversion with better authentication methods

In any open banking journey, the user must provide consent via their bank. Whilst this is a crucial step for security reasons, if done poorly (i.e. with a clunky user experience) it can result in higher drop-off rates. In fact, drop-off rates at this stage are currently higher than anywhere else across the open banking user journey.

So, what’s the solution? It’s all about providing an optimised experience that balances security with ease of use to improve conversion. We believe redirection and biometric authentication offer the most secure, user-friendly method for authenticating payments and data.

It’s time that banks be required to make app-to-app and decoupled authentication available as a standard authentication method for both data and payments. We believe they should also be required to offer Strong Customer Authentication journeys for open banking that are equivalent to (or better than) the best payment channels offered by the bank, including card payments. For example, if a bank supports biometric authentication for card journeys, they should support the same for open banking. This will make the user journey smoother and safer, whilst ensuring consistency regardless of which country you are in, or bank you are using.

2. Align PSD2 with Anti-Money Laundering (AML)

Currently, requirements under PSD2 and AML Directives issued by the European Parliament are out of sync, leaving third party providers (TPPs) unclear on what’s expected of them. Whilst an updated AML Package is expected soon, whatever it says needs to be reflected in the revised PSD2 or new PSD3 regulation.

Specifically, we’d like to see TPPs removed from the scope of AML regulations in the EU (as is currently the case in the UK) when it comes to Account Information Services (AIS). We also think that banks should be required to share relevant information (such as name, date of birth, and address) with TPPs instantaneously via APIs to facilitate TPPs’ compliance with AML requirements. Otherwise TPPs risk creating poor user experiences, reducing the impact that instant payments could have in creating a fairer landscape, encouraging healthy competition, and affording consumers more choice.

3. Standardise transaction limits

Right now, different banks impose different limits on transactions. For example, one bank might offer a daily limit of up to €25,000 and another €10,000 for its personal banking customers.

Whilst it’s important to have these limits in place for fraud and risk reasons, we believe there needs to be more consistency across banks in the amounts that Payment Initiation Service Providers (PISPs) can initiate on behalf of their customers. Otherwise, many open banking use cases may be prevented for certain customers, but not others.

For example, I may be able to purchase a car using open banking with one bank, but not another.

With transaction limits likely to become an even bigger problem in the EU once instant payments are more prevalent as a result of the Instant Payments Regulations, now is the time to act.

4. Clearly define scope for account types

Think of all of the different account types that banks offer: current, savings, credit, checking, retirement… the list goes on. Now think of how confusing it would be if different banks labelled these accounts in different ways. This is the reality we are currently living in, particularly when it comes to whether EU member countries interpret credit card accounts as payment accounts (or not). As a result, Account Information Service Providers (AISPs) can only access credit card data on behalf of their customers in some countries, like France.

We think AISPs should be able to access a consistent set of accounts across all banks, including credit cards and transactional accounts that have a payment functionality even if they are marketed as savings accounts.

5. Boost reliability and visibility of API performance

Whilst our data shows that major UK retail banks are making improvements in open banking API response times, there is still progress to be made, especially in Europe.

In some cases, European banks’ API response times are as high as 18 seconds. For open banking payments to be competitive with the likes of card payments at checkout, this needs to be much shorter. Slow response times can create open banking headaches for consumers and businesses alike as customers become impatient at the checkout and drop off.

Response times are just one reliability metric at play here, with uptime another key indicator. Ultimately, for reliability (and visibility of it) to improve, we think there should be a set of minimum response time and uptime requirements in place for banks, and more clarity in real time around which banks are hitting them (and which ones aren’t). Banks should have an incident management process in place for open banking services that includes real-time alerts when the service is degraded or down. This approach would improve customer experience across the board by encouraging healthy competition and is common practice for APIs in other industries - so why not open banking?

6. Improve communication between banks and TPPs

Because payment initiation service providers (PISPs) are not involved in the execution of payment transactions, they are reliant on information received from banks to inform customers about the status of the payment. Adopting ISO standard formats across the board will increase the transparency of where a payment is in the process of being executed and provide greater peace of mind to customers.

This is particularly important when payments or data requests fail. Today, communication from banks about the reasons for failure can be inconsistent. For example, some banks do not provide any failure reasons, whereas others only provide vague reasons such as ‘insufficient funds’. Whilst error messages are mandated, there is no standardisation of how banks should comply with this requirement or how the error messages are transmitted. This makes it difficult to provide guidance to the customer about their next best action - should they retry or do something different?

We think it’s important that banks adopt a standard taxonomy of failure or error reasons and communicate these to TPPs in a consistent way. For example, if banks were to push error messages in a webhook, this would avoid scenarios where TPPs have to manually contact banks via phone to understand why payments have failed or stalled on behalf of their customers.

Final thoughts

Open banking has continued to accelerate across Europe since the arrival of PSD2. Now, we must collectively turn our attention to ironing out systematic challenges that have arisen. Only then can we move towards the open economy of the future.
