On 12 January 2016, the revised Payment Services Directive (EU) 2015/2366 entered into force in the European Union, and will apply from 13 January 2018.
Anyone know what ‘apply’ means in this context?
On August 12th, the European Banking Authority (EBA) released its Consultation Paper “On the draft Regulatory Technical Standards specifying the requirements on strong customer authentication and common and secure communication under PSD2“. There have been many articles since then trying to explain what it means, at best these are educated guesses.
All other RTSs and Guidelines entrusted to the EBA won’t be available until January 2018. Classification of Major Incidents for example.
So as the UK’s ‘competent authority’ for PSD2, it’s surprising – and more than a little disappointing – that they have so far provided zero guidance, and won’t until sometime in 2017.
For example, the most pressing questions are:
- If January 13, 2018 is the date when PSD2 will ‘apply’, does that mean that’s when Account Servicing Payment Service providers (ASPSPs) have to make “at least one communication interface enabling secure communication” available? Or do they have until October 2018 at the very earliest (per the Consultation Paper)?
- What happens to ASPSPs if they aren’t ready? Are there penalties?
- When will the FCA begin the certification process for Account Information Service Providers (AISPs) and Payment Initiation Service Provider (PISPs)?
- Do ASPSPs already qualify as AISPs and PISPs if they currently perform these functions?
- Does the FCA have final say in liability?
I was fortunate enough to give a series of PSD2 presentations last week to a large ASPSP, and it was clear that there is significant confusion and frustration surrounding it. I know the legal teams of the larger organisations will already be lobbying the FCA, but I think it’s about time some of these conversations get translated and filtered down to the masses.
Of the 50 people I trained in those 3 days:
- PSD2 knowledge was very low;
- So far they have received little guidance from senior leadership;
- 85% were more scared than optimistic;
- Only 10% saw any opportunity for their organisation, the rest saw their jobs threatened;
- Almost all saw PSD2 primarily as a force for disintermediation of the card schemes, acquirers and issuers;
Clearly this organisation is not alone, and all the planning in the world will do nothing without a goal in mind. What will PSD2 look like in 2018? What can organisations do NOW without definitive guidance? Is there really enough information out there to warrant investment at this stage?
No organisation wants to invest in business transformation without 2 things; 1) clear opportunity for doing so, and 2) clear guidance from the competent authority. Also, no organisation wants to be first while there is so much uncertainty, but no organisation wants to be last. The advantage in this respect is clearly with the new entrants in the market, not the incumbents.
All that said, wishful thinking is going to get us nowhere. The FCA will jump in only when they are good and ready, it’s up to us to do what we can in the meantime.
Here’s what senior leadership at ASPSPs could be doing:
- Ensure the conversations between the legal teams and the FCA are filtered down to all staff – If you’re not having these conversations with the FCA, you must start;
- Set-up a task force to examine opportunities related to Access to Information (XS2A) – You’ll have to give your customer’s information away for free, don’t you want the same from your customer’s other ASPSPs?;
- Set-up a task force to examine opportunities related to innovation in payments – Like it or not, existing payment channels will see significant competition. Don’t be Kodak, or Blockbuster, or IBM…;
- Set-up training opportunities for as many staff as possible, in-house or 3rd party. – Uncertainty kills motivation, you cannot let this turn into fear; and
- Take a long hard look at your mobile apps and APIs, these things will have very significant impact down the road. – You cannot be left behind where customer convenience is concerned.
The time to prepare is now, the time to panic is a long way off. This may sound strange given everything I’ve written up to this point, but look at it this way:
- Innovation in payments will only be relevant when consumers ask for it – Just look how little impact Apple Pay and the like have had. Why would it, when it’s no more convenient or value-add than the plastic they are trying to replace.
- Regardless of the January 2018 date, you have years before current payment methods begin their inevitable decline – Make smart choices, don’t make choices based on perceived deadlines.
- Your customers are yours to lose – YOU have the existing relationship with your customer, new entrants in the game will be at significant disadvantage. Unless you do nothing.
The PSD2 is a good thing for consumers, it’s really up to ASPSPs if this is mutual.
[If you liked this article, please share! Want more like it, subscribe!]