– are Amazon, Google & Co. the new house banks?
13 January 2018 is a day all treasurers should mark in their calendars. Even though this day falls on a Saturday, the new EU Payment Service Directive 2 (PSD2 for short) comes into effect on this date. The revised version ('2') of the directive is the result of a fundamental review of the Payment Service Directive 1 (PSD1) and replaces, updates and expands it in key areas. Quick reminder: PSD1 dates back to 2007, was transposed into German law on 31 October 2009, established an EU-wide uniform legal framework for all types of payment orders and represented the basis for payment transfers under the SEPA method.
EU Member States have less than one year to transpose the content and provisions of the new directive into domestic law. Those who still remember the lengthy discussion on the implementation of PSD1 from 2008 to 2009 will guess that implementation of this revised directive will also involve difficulties and delays. The respective German ministries produced the first draft bills by the end of 2016, with adoption widely expected to take place before the parliamentary elections. However, final technological specifications and standards for authentication and identification are currently still lacking. These are needed to adequately secure payment processes and the associated services of banks and third-party providers, and they need to be predefined by the European Banking Authority.
The background and triggering factor for the revision of PSD1, and for the PSD2 published at the end of 2015, was the aim of further improving consumer protection and the security of payment processes, in addition to increasing competition and innovation in European payment transfers. This means that PSD2 now also affects so-called third-party payment service providers (i.e. non-banks). In addition to the new rules for liability questions and technical innovations for customer authentication, it puts into question the business model of many banks by including a key feature: account access for third-party service providers.
The "access-to-account" principle (XS2A) makes it possible for service providers to offer payment services and obtain account information via standardised interfaces using software solutions, without maintaining a bank account for customers. This means that banks cease to have a monopoly in this regard. The account-holding institutions must facilitate third-party access to these accounts subject to consent by the account owner (the only exceptions here are non-authorised and fraudulent access attempts).
Banks need to ensure that it is technically possible for data to be released externally. It is easy to imagine what technical changes by the bank would be required for this and what security measures need to be implemented in terms of access mechanisms and prevention of manipulation. Key questions still remain open, such as what reviews are to be performed on third party services in order to be able to use the interfaces or who is able to implement these in the end.
For banks and payment service providers in particular, the new provisions applicable from 2018 represent a significant turning point as to what services they can offer to customers and, primarily, how. For many experts, PSD2, its implementation and the opportunities it presents in terms of innovative services constitute a disruptive change to the banking world not yet seen in this form before. We will not go into further detail here on the significant impacts for banks and financial service providers – just think of the complexity of IT projects in 2017 which will have to deal with the implementation and the security of external account access interfaces. Instead we have our treasurer hat on and ask ourselves what potential there is from the perspective of a corporate client in relation to cash management and payment transfer processes.
It is always advisable to proactively help shape the future following changing business conditions rather than to lean back and passively wait and see how the details and business models develop. This recommendation also applies to the common treasurer in connection with PSD2. Not only will the life of bankers fundamentally change; new possibilities and opportunities will also open up for customers, e.g. on the corporate side.
PSD2 and its principle of 'open' bank account access to activate payments and access account information means there will be some changes in the future to the interface between (corporate) clients and banks. The new business models will mean end customers will ask who can offer the respective service with the most added value and who will take on the role of payment initiation service provider (PISP) and account information service provider (AISP).
It is to be assumed that, in addition to traditional bank partners with their new services, third-party service providers will also position themselves in the PISP market. These must nevertheless fulfil the requirements set out in PSD2 and will have to register themselves with the European Banking Authority (EBA) as a payment institution within the meaning of PSD2. Besides specialised fintechs or online traders, there is also potential, in certain circumstances, for suppliers of treasury management systems, which directly trigger payments on the defined interfaces with banks via payment transfer modules integrated into their platforms and thus circumvent the 'traditional' channels of banking communication such as EBICS or SWIFT.
This also applies to account information where new service providers can establish themselves in the context of retrieving account balances and turnover. Potential players here are presumably the same suppliers as in the payment field.
The bundling of the functions for triggering external and internal payments and the consolidation of account balances into a uniform and bank-wide system is surely no special innovation in cash management. What is new in connection with PSD2 are the opportunities for technical integration and the associated convenience in the treasury, as well as the potential to increase efficiency.
The range of potential new services as a result of PSD2 is so large that it is not currently foreseeable which suppliers will try to establish themselves in this area in the coming years. Just think of the opportunities for further analyses and additional services resulting for AISPs on the basis of received account and transaction information. Thus it is definitely too early to determine whether we can bid farewell to traditional channels of banking communication for the transfer of payments or file-based receipt of electronic account statements via MT940/camt, not least because fundamental questions regarding security have not been definitively resolved due to the lack of technical standards.
The highest maxim from a treasury perspective should therefore be to very closely monitor developments in the supplier market over the next months. What are the house banks doing in this field, what are other banks doing, what new services should be offered, how are security standards developing for the implementation of PSD2, what new players are there in the market, and last but not least, what cost structures are behind this – these are questions, all of which must be asked and answered in the context of how the processes in cash management and payment transfers can be operated more efficiently, securely and more cost effectively.
The fact that other innovative topics like instant payment or blockchain are already on the horizon shows the current dynamism of the market for payment transfer services and how complex it will be in the future from a treasury point of view to put together a corresponding portfolio of services and suppliers.
Source: KPMG Corporate Treasury News, Edition 64, February 2017
Author: Michael Baum, Senior Manager, Finance Advisory, firstname.lastname@example.org
© 2018 KPMG AG Wirtschaftsprüfungsgesellschaft, a member of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a legal entity under Swiss law. All rights reserved.