PSD2: Complying with a game-changing regulatory framework

Radical change in the retail banking sector continues to unfold, with new regulatory standards being rolled out across Europe. As some banks struggle to meet challenging deadlines, Marc Edwards, Enterprise Architect at IBM Platinum Business Partner Prolifics, says help is available to ease the pain of compliance.

From September this year, the EU’s revised Payment Services Directive (PSD2) will affect the financial services market Europe-wide. As with Open Banking – the UK standard adopted by many banks to deliver PSD2 – banks must open up access to their back-end systems to trusted third-party service providers (TPPs) so that they can make use of account data and execute customer payment transactions.

The goal is to drive competition in the market, while ensuring the highest levels of trust and security for customer data. The vision is that bank customers will be able to seamlessly access all of their accounts, including current accounts and credit cards, via a single portal and be able to compare multiple market offerings in one place. In addition, consumers can also authorise third parties to make payments directly from their bank accounts, bypassing the traditional card providers such as Visa and Mastercard.

How is it going?

Fintech Third-party service providers (TPPs) are now building financial services powered by the banks’ data and infrastructure, monetising their offerings for their own advantage. It can be seen that the recent March 14^th 2019 milestone was key in the lead up to PSD2. From this date, banks had to have a working testing facility, or ‘sandbox’, that would enable TPPs to validate banks’ APIs using mock services and sample data.

At Prolifics, we worked with IBM to enable organisations to make a sandbox available ahead of the deadline. These testing facilities are now being taken forward into a production environment.

But according to a survey of 442 European banks, the picture wasn’t quite so rosy overall. Two out of five respondents – 41% – failed to comply (source: Swedish open banking platform Tink).

Given the requirement for the sandbox to be available three months before the ultimate go-live in September, these banks have a lot of catching up to do.

What’s next?

Developing a sandbox is only the start of the compliance journey. Here are some of the other major upcoming challenges…

• By September, the testing mandate means that the interaction between banks and TPPs must be able to withstand the rigours of a live environment. Stress and volume testing will become increasingly important. The regulator will need convincing that a bank’s solution works when launched into the real world.
• Also, the sandbox isn’t a one-off project. Even after the production go-live in September 2019, it must be maintained and tested against new versions of the specification.
• As a live environment exposes customer data and transactions to the internet, security becomes paramount. Customers must be confident that their data is secure, while enjoying friction-free transactions.
• Banks will need to adapt their TPP onboarding services to use eIDAS certificates, the Europe-wide framework for verifying the identity of individuals and businesses online and the authenticity of electronic documents. That’s quite a chunky piece of work! No wonder it’s a hot topic.

How can we ease the pain?

As you can see, compliance with PSD2 is not getting any easier any time soon. So how can Prolifics help?

We’ve worked closely as a team with IBM over the last couple of years, co-located in the same office, to help banks to successfully comply with Open Banking and PSD2. This collaboration has laid the foundation for expanding this solution to enable European institutions to achieve compliance in advance of the roll-out of PSD2 regulations. Built in the cloud, the solution is a fully working environment based on technology which is being used right now by some of the world’s leading retail banks.

The outcome of the Prolifics-IBM partnership is that banks looking to ensure compliance with changing industry regulations have a tried-and-tested solution, backed by our joint world-class expertise.

To find out more about PSD2 and how Prolifics and IBM can help accelerate compliance with PSD2, visit our PSD2 site: http://psd2solutions.com