Following on from the discussions about identity on Monday, it gets interesting to think about the customers’ data and who owns it, especially in light of the Payment Services Directive 2, PSD2 for short, which comes into force at the start of next year. The regulation forces banks to open account information to third parties who are light licensed, but only if the customer asks for the third party to have this permission. This may seem reasonable but some banks are concerned that this will lead to insecurity and fraud. Meanwhile, some FinTech firms believe banks behave this way to avoid sharing customer data and to avoid implementing the Directive in the way in which it has been worded.
Truth be told there are issues. The core heart of the PSD2 objective is to have banks sharing customer data via Open APIs, Application Program Interfaces. This would allow trusted third parties to take customer data and incorporate it into other processes online, easily through plug and play software. They will not be able to do this if every bank issues an Open API in a different format, as this would mean creating specific API structures for each and every bank. That is one fear of the FinTech community. The UK created an Open Banking Working Group (OBWG) to address this concern in 2015, and issued the Open Banking Standard in 2016 to ensure UK banks develop consistent and simple APIs for the sharing of bank data.
Another fear, issued as a manifesto by over 70 FinTech firms in May, is that the Directive has been misinterpreted by the European Banking Authority (EBA), when they published their Regulatory Technical Standards for PSD2 in March 2017. Their view is that these standards force Direct Access to online data about banking services solely through a bank’s secure interfaces, which is in conflict with the underlying principle of PSD2.
Why would banks be nervous about sharing their data? Well, maybe it’s not a concern to have some specialist firms like Klarna or PayPal accessing customer data, as they already do, but it’s creating and forcing banks to open to all. How can they control what these third parties do with that data? A key example is Facebook. If Facebook integrate payment wallets with Messenger, which they are doing, then what happens to the bank’s brand and customer relationship. If banking becomes embedded invisibly in social and commercial apps from Facebook to Amazon, and a whole range of other specialist providers, then the bank’s brand ultimately disappears too. That is one key concern.
Another key concern for the banking community is what these firms can do with that data. Banks are fully aware that they do not leverage data as well as they should. Forrester estimate that 99.5% of data in most companies is not analysed, which is astounding. Today, combining financial data with online usage from external services is becoming a critical factor in serving markets. This is perhaps a more tangible issue for banks, who struggle to adequately analyse their own internal data, let alone combining this with social data. Obviously, third parties who are good with data, such as the Amazons and Facebooks of this world, and banks are concerned that such firms will use their deep data analytics to serve customers with more relevant information than banks could ever achieve.
This gets into an interesting dilemma. There are firms such as Google and Alibaba pushing the boundaries of machine learning and data analytics. Their engines can decimate the world’s best human players of complex games like Go, and their recognition systems are better than the human eye. If they really applied their deep data analytics machines on bank data, that is a huge threat for banks, especially if they combined that deep learning with all other data made available from consumers of their digital lives.
However, on this latter point, that is what the PSD2 is meant to achieve: more competition and better customer service. PSD2 is meant to drive more choice and remove the inefficiencies of the banking markets.
The bottom-line is that there is quite a deal of friction between the FinTech community and the bank community over PSD2, Open Banking and the sharing of customer data. Banks believe that by sharing customer data they open themselves up to direct competition from the internet giants and could be subsumed in their ubiquitously overwhelming capabilities. However, regulators believe that only one constituent owns customer data and that is the customer. If the customer wants their data to be used more effectively by these internet giants, then why should they not be allowed to do so, especially if it helps them live their lives better and smarter. It will be interesting to see how this plays out but, for those in the financial community, expect it to be a bumpy ride.