Open Banking II — PSD2
Part 2: Discussing the Payment Services Directive 2 and open banking regulations.
Short History of PSD1 and 2
The single market ideology has initiated a systematic approach towards the all money market, including the banking system. The payment system is one of the topics that was regulated with the Payment Services Directive (PSD) in 2007. Regulation enabled new financial actors like electronic money institutions and payment institutions. New actors and traditional institutions needed new appropriate licenses from the authorities.
This was just the beginning and one step towards the PSD2. European Parliament adopted a new directive in October 2015 that would replace the PSD from January 2018. “The revised Payment Services Directive (PSD2) provides the legal framework for retail payments innovation by setting rules for third-party payment service providers. PSD2 enhances consumer protection and increases security for payment services”. PSD2 enabled a new party development and announced the new license Account Information Service Provider (AISP). It also expanded the concept of Payment Initiation Service Providers (PISP) and defined Card-Based Payment Instrument Issuer (CBPII).
AISP was democratising the data ownership. It could be seen as a new playfield and challenge for the traditional banking model. The new business models emerged, the Financial Data Aggregators and led FinTech start-ups to sprout.
AISPs and PISPs
The restricted data, payment account information (balance and transactions) opened to the public. Bank customers got privilege to access to an assortment of banking data via different channels with the Account Information Service Provider (AISP). AISP’s collect the data from different banks and combine them to provide a value added service to their customers.
On the other hand PISP enables a third-party service provider to initiate a payment order at the request of customers and to provide the related services within a statutory framework.
The Ownership of Data Defined
The new regulation defines the ownership. The data owners are the customers, not banks. The banks lost control of the data. The customers’ consents are required before any data transaction or usage.
“Additionally, companies which operate under the AISP and PISP status cannot use the user data arising from payment transactions they intermediate to improve their business models as such a data record falls outside the purpose of the service”
Are API’s Regulated?
PSD2 does not provide a API standard or a framework. However the Berlin-Group and STET are filling the gap and building bridge with banks and third parties with their governance assurance. The Berlin-Group announced the NextGenPSD2 initiative in 2017, which covers more than 1,700 banks from 20 countries and was adopted and followed by 78% of the European banks.
Disclaimer: This article has written for informational purposes only and does not constitute advice or an opinion binding people and/or institutions. It is intended to explain Open Banking.
Sources: Mersch Y. 2019 Lending and payment systems in upheaval: The Fintech Challenge,
FinTech Istanbul, 2020 — Open Banking in the world and in Turkey: The Future of Banking,
M. Polasik, A.Huterska, R.Iftikhar, S.Mikula, 2020 The impact of PSD2 on PayTech sector development in Europe.
