Mr. Snellman, you chair the Payment Systems Working Group of the European Association of Co-operative Banks. What are the most pressing topics that the European Co-operative Banks have to deal with in the area of payment systems at the moment?
There are several important topics on the agenda of the co-operative banks at the moment, which in many cases are interrelated. To start with there is the preparation for the implementation of Payment Services Directive 2 (PSD2), which will become applicable in January 2018 but for which a number of key implementation rules have not be adopted yet by the regulator. Given that this piece of legislation introduces the possibility for non-bank players to access the data of bank customers, banks are very concerned about securing the processes to facilitate this access and about ensuring that they safeguard their customer data against unauthorized access. In addition to being a substantial compliance issue PSD2 can also be seen as a first step towards so called open banking, in which more and more of the banking services are developed and utilized via interfaces, typically in co-operation with developers and partners coming from the outside of traditional banking. This requires new type of thinking and capabilities from banks.
A second important topic is the introduction of instant payments. Over the last two years banks have been working, encouraged by the European Central Bank, on interbank rules that should make it possible to make payments from one side of Europe to the other in less then 10 seconds. Today, this generally still takes one day. Instant payment has the potential to make internet shopping easier, facilitate the payments between two people sharing a meal and to provide corporates with better cash management. But shortening this time cycle from 1 day – often even longer counting the weekends and holidays - to 10 seconds also means less time to check for example that your customer agrees to the payment being made, or whether a fraud is attempted. In addition, instant payments need a fundamental review of banks’ internal systems as they are not built to deal with changes every second but work with longer time cycles to be updated.
If we can zoom in on PSD2 and its implementing rules for a moment, we understand that the Commission will soon come with its final proposals on how banks and non-banks should communicate with each other. What would the EACB like to see in this proposal?
We would like the Commission proposal to fully embrace the technological opportunities offered by the so called Application Programming Interfaces (APIs). APIs are interfaces that allow computers to talk to each other and exchange on well targeted information elements. APIs are widely used by different technology companies, they are based on open standards, are open to all actors without discrimination and are recognised as the safest environment to date. They are without a doubt the best way forward for the exchange between banks and non-banks in the PSD2 context. It is also the way forward that bank supervisors, consumer organisations and various new non-bank players would like to see. But there are a number of non-bank players already on the market at the moment that do not work via APIs but via what they call “screen scraping”. This is an access technique that takes data from the on-line banking website of the customer by reading the screen. These players are afraid that the API approach will limit their present business case and ask the Commission to ensure the possibility to continue “screen scraping” in certain cases. As banks, but we are supported in this by consumer organisations, we have to be against this approach as it would allow access to also those data that not necessary or relevant in the context of PSD2. In addition, contrary to what data protection rules would mandate, it would not be possible for the bank to check if their customer agreed to this access. What we propose to overcome the concerns of the existing non-bank players is to introduce a testing period that would allow them to be reassured that the APIs offer what they need and what is allowed by the legislation.
To read more on the topic, please find on our website our joint statement together with EBF and ESBG "How to organize an efficient third party (TPP) interaction under PSD2."