Out-Law News | 13 May 2016 | 5:06 pm | 1 min. read
Forrester said embracing the changes PSD2 will deliver rather than fighting them can help banks prepare for future changes in business models that will emerge in the financial services sector. PSD2 came into force earlier this year and will need to be implemented into national laws across the EU by 13 January 2018.
It said developing APIs is "the logical delivery vehicle" for meeting the requirements of PSD2 and for combating forthcoming disruption to the market. APIs (application programming interfaces) allow software applications to interoperate with each other.
"PSD2 is just one, albeit impactful, example of a business scenario that banks need to carefully address to remain successful," Forrester said. "New business models will further reshape the industry. Strong competition will force banks to either partner with or acquire digital disruptors. New bank services will more effectively support supply chains, subject matter experts, and corporate clients."
"Progressive banks will leverage the fragmented value chain to create new business opportunities with partners – including social networks and their own and third-party marketplaces – that are in touch with target customer segments. Utility banking services are emerging, and as these become more broadly available, banks will also move away from covering the entire value chain. These examples of new business models all need highly flexible application landscapes, and well-defined sets of APIs will be crucial ingredients," it said.
Under PSD2, banks and other payment service providers (PSPs) must give so-called payment initiation service providers (PISPs) access to their customers' accounts so as to facilitate transactions ordered at the customers' request. However, in return, PISPs must observe a number of data security obligations and take on certain liabilities in relation to any unauthorised transactions they are responsible for.
PSD2 also promotes account information services, like businesses that allow customers to access information about all their payment accounts in one place. The new rules require PSPs to open up access to the accounts they manage on behalf of a customer where the account information service provider (AISP) has obtained the "explicit consent" of that customer for such access. Like PISPs, AISPs also face data security obligations.
In addition to rules on customer authentication, facilitating third party access to accounts and account information, data security and liability, PSPs must also abide by a range of requirements relating to transparency over account services and charges, major operational or security incident reporting and complaint handling, amongst other things.