Or maybe the headline should really read EU PSD2, open access APIs are not just for banks and the first thing we all need to be clear on is that UK open banking, that has been launched with the CAM9, is not the same as PSD2 open access APIs.
So who does PSD2 open access APIs apply to? Well PSD2 uses the term ‘Transactional Account’ and in the UK the FCA defines a transactional account in the FCA handbook as a ‘Payment Account’. So what we need then is a definition of a Payment Account which is covered in the FCA regulation 2 as:
“an account held in the name of one or more payment service users which is used for the execution of payment transactions”*
So the first thing to be clear on is the definition is far wider than just bank accounts. In fact based on Konsentus estimations there could be around 8,500+ Financial Institutions in Europe the regulation will apply to. Of course not all Electronic Money Institution or Payment Institutions will offer payment accounts. Thus whilst over 80% of us in the UK bank with Barclays, HSBC, Lloyds, Santander or Royal Bank of Scotland the regulations are going to effect a far wider audience.
| Types of FIs | Number in Europe |
| Banks*1 | 4,800+ across EU Member States |
| Building Societies*2 | UK: 44 |
| Credit Unions*3 | 1,548 across EU Member States |
| Electronic Money & Payment Institutions*4/5 | UK: 5,500+, EU over 8,800+ |
| Prepaid Programme Managers*6 | EU: 50+ |
The next thing to clarify is that it is also not just about consumer products, PSD2 open access API requirements apply to business payment accounts as well.
So what does this mean in reality, well it applies to pretty much every physical open loop prepaid card even those targeted for instance at children like goHenry or travel cards like FairFX and Caxton. Although they may be regarded as not really offering an ‘account’ under the regulations, they offer payment accounts and thus will need to offer open access APIs.
The other slightly unusual aspect of this as with FairFX, is that FairFX is the brand owner, PCT is the Programme Manager, Wirecard Card Solutions is the issuer. So although the regulatory obligation will fall on the issuer (Wirecard) they will in turn pass this down to the Programme Manager who will in most cases, but not all deliver the API solution on behalf of the brand.
But the regulation is even wider, it also applies to all those wallets you might know such as Paypal, Skrill and Neteller, but it also equally applies to lesser known wallets such as Neosurf which look to serve distinct customer segments.
That is not to say end-users today understand this. Which? found that 92% of respondents hadn’t even heard of it. Imran Gulamhuseinwala, head of Open Banking Limited, the non-profit coordinating the system, admits that “it’s going to take a while for us to see really new, very different services.”
So whilst many companies will consider themselves not to be banks, and many may not even consider they have transactional or payment accounts in reality the new PSD2 open banking access will apply to them. They will need to put into place open APIs that approved Third Parties can access along with a consent and preference management system to manage this access.
Author:
Brendan Jones CCO / Co-Founder of Konsentus Ltd. Konsentus provides a SaaS based consent and preference management solution for EU FIs. He has over 30 years’ experience in the UK & international payments industry, having held executive positions in banking, payment & technology companies including Giesecke & Devrient, Bank of America MBNA & the Datacard Corporation.
*Source: FCA Handbook PERG 15 Guidance on the scope of the Payment Services Regulations 2009
*1 https://www.ecb.europa.eu/stats/ecb_statistics/escb/html/table.en.html?id=JDF_MFI_MFI_LIST (excluding the United Kingdom)
*2 https://www.bsa.org.uk/statistics/sector-info-performance/sector-information
*3 http://www.creditunionnetwork.eu/cus_in_europe
*4 https://paymentinstitutions.eu/about-epif/the-payment-institutions-sector/about
*5http://www.telegraph.co.uk/business/2016/09/20/almost-5500-finance-firms-use-passports-to-access-single-market/
*6 Polymath Consulting Analysis
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
