Officially it was supposed to be the day when everything changed. Bank data was to be set free from the tight grip of large corporations, and a swarm of innovative services should have been the result.
At least those were the expectations when the European Payment Services Directive II, commonly known as PSD2, became effective across EU on the 1st of January 2018.
From the consumer’s perspective, however, very little has happened so far.
“I’m very disappointed that we haven’t seen more new services by now,” says Jan Damsgaard, a professor at Copenhagen Business School, adding: “I would have thought more startups were ready to take advantage of the opportunities.”
The directive in question requires that banks and other financial institutions allow third parties to get access to their users’ financial data and perform transactions on their behalf – provided the users allow them to, of course.
As a result, you would no longer need to use your regular banking app for certain services, like transfering money or viewing your finances. With access to your data, another service could just as easily do the job. Ultimately, some argue, this may consolidate the market and lead to a few dominant services.
But while sounding promising on paper, it has proven more difficult to implement in reality—at least for now.
“PSD2 still hasn’t improved the condition for consumers. It’s been incredibly difficult for startups to get access to bank data,” says Rune Mai, CEO of personal finance app Spiir and the financial data platform Nordic API Gateway.
New platforms give early access to bank data
One of the main obstacles to further innovation has been a lack of open banking interfaces—so-called APIs—that allow new apps and services to draw data from banks.
If a startup wants to use bank data to, say, create a visual overview of a customer’s spending, it needs to connect with the bank’s system through an API to get the data automatically. At the moment, only a few of Nordic banks provide these open APIs, making it difficult for external services to get access.
The result is a kind of legal paradox: Banks are no longer allowed to prevent startups from getting access to their customers’ data. But they are not yet required to provide the technical interfaces which grant this access, either. Only by September 2019, when the next phase of PSD2 known as the Regulatory Technical Standards (RTS) comes into effect, will EU require banks to provide API access.
Is innovation in a deadlock until then? The answer seems to be “no”.
Already dozens of fintech companies are finding alternative ways to get access to bank data. A couple of Nordic platforms have emerged claiming they can give companies access to hundreds of Nordic banks. One of them is Nordic API Gateway launched in January by Spiir founder Rune Mai.
The platform, according to Mai, allows companies to get access to the data of more than 250 Nordic banks, and to perform transactions on behalf of users. Already, more than 70 companies, including Danske Bank, is testing the platform.
Building the technology, however, wasn’t easy when banks didn’t provide API access:
“At Spiir, our biggest challenge was to build the technology to connect with banks in 2014, long before PSD2 allowed it. We had to get access to the mobile banking interfaces, which was very expensive to engineer. Now other startups can benefit from that technology,” Mai says and adds that the platform will also support the upcoming APIs required in the RTS.
Lacking standards threatens innovation
Giving early access to bank data is not the only job platforms such as Nordic API Gateway and Tink perform. They are also addressing what many in the fintech industry see as a big flaw in PSD2: a lack of API standards.
Banks may be forced to make APIs in 2019, but they do not have to follow the same technical specifications. As a consequence, services wanting to integrate with many different banks may face huge costs tailoring the technology to each one, according to Mai:
“For a big company, it may cost millions of euros to build and operate such infrastructure at present. Plus, doing so is well beyond the scope of most fintech companies that only have the competencies to focus on their core business.”
On the other hand, it makes perfect sense that some banks wish to prolong the process and keep standards incoherent, claims Damsgaard. After all, they stand to lose a substantial part of their revenue from payments that will become cheaper as we see the effects of PSD2. In 2015, payments made up a quarter of bank revenues, according to a Deloitte study.
“This is not an opportunity for banks to earn more. It will radically limit their revenue, and that’s why they’re trying to make different standards. In a non-transparent market it is easier to earn money,” he says.
Nevertheless, banks may not have the option to obfuscate the process. With platforms like Nordic API Gateway, fintech companies only need one API standard—the platforms take care of supporting all the different banks.
For Festina Finance, a fintech company making financial advisory software that relies on bank data, that’s sufficient.
“Of course it’s a pity that the EU directive didn’t provide one standard. But as long as we can pull data from a broker and not worry about different standards then it’s not a problem,” explains Jesper Lauritsen, CTO of Festina Finance.
Danske Bank gets in the game early
For some banks, waiting until 2019 is not an option. Danske Bank has already started experimenting with opening up data access through an API to other services. And later this year, its customers will be able to see their accounts from other banks directly in Danske Bank’s banking app—something which no bank has offered before. Currently, the bank is developing a service that gives users an overview of all their subscriptions and suggests cheaper alternatives. It’s not hard to spot a sense of urgency:
“We can’t wait until 2019. We need to get out and test the market as quickly as possible. I have no comment for the banks that wait. But doing so does send a signal,” says Lars Malmberg, global head of business development at Danske Bank.
Malmberg agrees with Damsgaard in that the banks’ revenue from payments will shrink in the future. But he argues with the idea that banks are interested in delaying the open banking movement:
“If your aim is to make things more difficult for others, then you’re dead. The world we’re heading towards will be more open and transparent, and our strategy is to support that,” he says and concludes: “Our future hope, as a bank, is to own the marketplace and become the aggregator of financial services that people use. I believe we may end up seeing 3-4 winning marketplaces in the Nordics.”