PSD2 a year on: The opportunities and risks of Open Banking

The revised Payment Services Directive (PSD2) came into force on January 13th, 2018, which means just over a year has passed since Open Banking took its most significant legislative step forward.


Under the directive, financial providers of all online payment accounts – including current accounts, credit cards and flexible savings accounts – must allow their customers to share data with regulated third-party providers (TPPs). It is hoped PSD2 will bring innovation and new revenue streams to the banking industry, while providing consumers with more power over their data.


PSD2 is an EU directive, but the UK’s Competition and Markets Authority (CMA) is also driving reforms across the country to help Open Banking flourish. For example, the CMA told the UK’s nine biggest banks (HSBC, Lloyds, Nationwide, RBS, Santander, Danske, Barclays, Allied Irish Bank and the Bank of Ireland) that they must develop an Open Banking Standard.


The standard is designed to allow customers to easily and securely share their data, with version 3.1 launched in November. PSD2 and Open Banking have been described as revolutionary for the financial services industry, but where do we stand a year after the directive’s introduction?

Momentum building, albeit slowly

Expectations are high for PSD2 and the wider Open Banking phenomenon. PwC predicted revenue opportunities created by Open Banking would reach £7.2 billion by 2022, with 71% of SMEs and 64% of British adults expected to adopt it over the next three years.


Open Banking relies on application programme interfaces (APIs), which enable the software at one company to retrieve information from software at a different company. For example, Uber’s software is able to leverage the Google Maps API to help customers track their driver’s location.


Figures from the Open Banking Implementation Entity showed Open Banking APIs were used 720,000 times in May 2018. By November, the number of successful API calls had reached 17.5 million.

However, public awareness of Open Banking remains low. In September 2017, just four months before PSD2 was introduced, 92% of Brits hadn’t heard of the concept. Distrust was also a problem, with 51% saying they would be ‘fairly’ or ‘very’ unlikely to consider sharing their financial information, even if it meant products and services could be tailored to their needs.


Awareness has improved over the last year, but not much. A YouGov poll in August 2018 showed 72% of Brits had still not heard of Open Banking eight months after PSD2 came into force. More than three-quarters (77%) were concerned about sharing their data with TPPs.

Media reports on PSD2 have largely focused on potential problems, such as fraud, data breaches and privacy implications. It’s worth noting that contactless card payments also had a similarly slow start when first introduced in 2007, yet almost half of all UK transactions are now contactless.

What are the benefits of Open Banking?

The CMA performed a comprehensive review into the banking sector between 2014 and 2016, ultimately finding there wasn’t enough competition among the industry’s major players. People typically choose their primary bank for arbitrary reasons and then often become lifelong customers because there are rarely attractive incentives to leave.


PSD2 gives challenger banks, fintechs and other firms access to crucial data that can drive innovative new products and services. Large banks have traditionally been slow to take advantage of the latest technologies, but Open Banking promises to herald in a new era of innovation across financial services. We are already seeing a host of services pop up to make banking more accurate, convenient and inclusive. These include:

  • Aggregate accounts: Consumers can consolidate all of their bank accounts in a single app to enjoy a broader overview of their finances. HSBC’s Connected Money app can hold data from up to 21 other banks, including its leading competitors. Money Dashboard and Yolt also offer similar benefits.
  • Affordability assessments: Lending has been a key focus area, with many consumers locked out of credit markets due to poor or limited credit histories. Open Banking allows lenders to quickly and accurately assess a potential borrower’s spending history to identify credit risk levels.
  • Better wealth management: Allowing TPPs access to banking data can help streamline financial planning and wealth management. This helps simplify pensions, shorten the mortgage application process and support people as they set and achieve financial goals.

Many of the above services are already available in one form or another, but we are likely to see offerings and apps become increasingly sophisticated as a growing number of market challengers and incumbents vie for customers.

Understanding Open Banking risks

The future may look bright for Open Banking, but organisations must also be aware of the operational risks and cyber security problems that arise from PSD2. APIs are not a new technology, but new connections with TPPs are occurring every day and banks will need to ensure data is accessed appropriately and securely.


Another major deadline is also looming. In September, the European Banking Authority’s Regulatory Technical Standards (RTS) regarding strong customer authentication (SCA) and secure open standards of communication (SCS) will be introduced. These regulations govern the processes by which banks allow TPPs access to customer data.


RTS is expected to encourage collaboration on API usage and create more sandbox environments where new products and services can be tested away from regulatory pressures before implementation. However, the rules bring additional compliance burdens and financial institutions must embed effective systems and controls to ensure Open Banking delivers on its ambitious promises.


PwC has listed four key questions that businesses must ask themselves as they navigate PSD2 in 2019 and beyond:

  1. How will PSD2 extend our eco-system and what effect will this have on operations?
  2. What proactive steps can I take to prevent potential security and compliance problems?
  3. What measures are in place to protect customer identities?
  4. Are we prepared for PSD2 risks across all stages of our development process?

Finding the answers to these questions requires a team of professionals who have the expertise and experience to handle the complex regulatory challenges and security risks that PSD2 presents. If your financial institution is exploring the risks and opportunities of Open Banking, please contact me on 020 7936 2601 or via email at to discuss your recruitment needs.

Image credit: Rawpixel via Unsplash