For bankers in the EU, there is a lot to dislike about Payment Services Directive 2 (PSD2). It requires financial institutions to expend resources to build APIs for accounts, payments and transactions. These APIs must be made available to any approved third party, which creates new security challenges. On top of that, the whole purpose of PSD2 is to help third parties compete better and take business away from established financial institutions.
But PSD2 is a done deal. A blog in InfoQ provides a perspective on how banks can think about their market position in light of the realities of PSD2:
PSD2 brings a lot of challenges and investments for banks without any financial compensation in return: they have to invest in an API gateway, API security, modernizing some of their core systems to expose APIs, etc. and they have to offer the same performance for their APIs as for their existing banking app and website (meaning no throttling allowed). So, as a bank, you can definitely consider PSD2 as a legal obligation similar to GDPR.
On the other hand, you can also see it as a first step in opening up your core systems and becoming a digital player. If you were planning to strive for an Open API business strategy, then the PSD2 investments are necessary anyway. PSD2 forces you to offer the 3 APIs for free, but PSD2 also doesn’t prevent you from monetizing other APIs (credits, investments, identity, etc.).
The article outlines four possible approaches to take with PSD2, from a de minimis approach to exploiting the regulations to the bank’s advantage:
- You can be ignorant of any open API ecosystem in your industry.
- You can be the consumer of APIs offered by others and use these in your solutions and products to offer higher added value services to your customers.
- You can be a provider of APIs: either you get revenue from your APIs directly because you monetize them, or you use APIs as a way to increase the attractiveness and added value of your existing products, or you use APIs as a way to increase their sales.
- If you are active in a regulated industry, you might also be a forced provider. Maybe you don’t believe in APIs at all, but you have to offer them to be compliant.
- You can act as a platform: linking providers to consumers, aggregating providers, allowing different providers in the industry value chain to exchange information through your platform, etc.
Mercator Advisory Group has written several reports regarding PSD2 including this more recent paper that can be found here.
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group