Konsentus – EU Open Banking is not just for banks

Share this post

Or maybe the headline should really read EU PSD2, open access APIs are not just for banks and the first thing we all need to be clear on is that UK open banking, that has been launched with the CAM9, is not the same as PSD2 open access APIs.

So who does PSD2 open access APIs apply to?  Well PSD2 uses the term ‘Transactional Account’ and in the UK the FCA defines a transactional account in the FCA handbook as a ‘Payment Account’.  So what we need then is a definition of a Payment Account which is covered in the FCA regulation 2 as:

“an account held in the name of one or more payment service users which is used for the execution of payment transactions”*

So the first thing to be clear on is the definition is far wider than just bank accounts.  In fact based on Konsentus estimations there could be around 8,500+ Financial Institutions in Europe the regulation will apply to.  Of course not all Electronic Money Institution or Payment Institutions will offer payment accounts.  Thus whilst over 80% of us in the UK bank with Barclays, HSBC, Lloyds, Santander or Royal Bank of Scotland the regulations are going to effect a far wider audience.

Types of FIs Number in Europe
Banks*1 4,800+ across EU Member States
Building Societies*2 UK: 44
Credit Unions*3 1,548 across EU Member States
Electronic Money & Payment Institutions*4/5 UK: 5,500+, EU over 8,800+
Prepaid Programme Managers*6 EU: 50+

 

The next thing to clarify is that it is also not just about consumer products, PSD2 open access API requirements apply to business payment accounts as well.

So what does this mean in reality, well it applies to pretty much every physical open loop prepaid card even those targeted for instance at children like goHenry or travel cards like FairFX and Caxton.  Although they may be regarded as not really offering an ‘account’ under the regulations, they offer payment accounts and thus will need to offer open access APIs.

The other slightly unusual aspect of this as with FairFX, is that FairFX is the brand owner, PCT is the Programme Manager, Wirecard Card Solutions is the issuer.  So although the regulatory obligation will fall on the issuer (Wirecard) they will in turn pass this down to the Programme Manager who will in most cases, but not all deliver the API solution on behalf of the brand.

But the regulation is even wider, it also applies to all those wallets you might know such as Paypal, Skrill and Neteller, but it also equally applies to lesser known wallets such as Neosurf which look to serve distinct customer segments.

That is not to say end-users today understand this.  Which? found that 92% of respondents hadn’t even heard of it. Imran Gulamhuseinwala, head of Open Banking Limited, the non-profit coordinating the system, admits that “it’s going to take a while for us to see really new, very different services.”

So whilst many companies will consider themselves not to be banks, and many may not even consider they have transactional or payment accounts in reality the new PSD2 open banking access will apply to them.  They will need to put into place open APIs that approved Third Parties can access along with a consent and preference management system to manage this access.

Author:

Brendan Jones CCO / Co-Founder of Konsentus Ltd.  Konsentus provides a SaaS based consent and preference management solution for EU FIs.  He has over 30 years’ experience in the UK & international payments industry, having held executive positions in banking, payment & technology companies including Giesecke & Devrient, Bank of America MBNA & the Datacard Corporation.

*Source: FCA Handbook PERG 15 Guidance on the scope of the Payment Services Regulations 2009

*1 https://www.ecb.europa.eu/stats/ecb_statistics/escb/html/table.en.html?id=JDF_MFI_MFI_LIST (excluding the United Kingdom)

*2 https://www.bsa.org.uk/statistics/sector-info-performance/sector-information

*3 http://www.creditunionnetwork.eu/cus_in_europe

*4 https://paymentinstitutions.eu/about-epif/the-payment-institutions-sector/about

*5http://www.telegraph.co.uk/business/2016/09/20/almost-5500-finance-firms-use-passports-to-access-single-market/

*6 Polymath Consulting Analysis

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?