It’s important to understand why APIs are so strategically important, not only in the payment space but in the financial sector as a whole. I thought I’d put together a few posts on the European banking API environment because it is rather dynamic at the time of writing. So here we go!
The organisers of the International Payment Summit 2014 decided to take a little bit of a risk by turning over half of the Day One program to Consult Hyperion for a Future of Money Unconference to explore the subject in an interactive and (hopefully) fun way. So we set off for the Hilton Tower Bridge bright and early on April Fools’ Day to test the theory.
As you might have expected, mobile phones and social media were the main technologies that the delegates were discussing and I did learn a lot about different kinds of financial services organisations varying approaches and attitudes, but personally the area of discussion I found most engrossing was around third-party access to bank accounts, the so-called “XS2A” consultation. This is rather a hot topic in Europe because of the European Commission consultations underway in this and related areas.
Forum friend Thaer Sabri, the CEO of the EMA, gave a super presentation on “PSD and third-party access to accounts” that provided a valuable update on the situation. He began by pointing out that the European regulatory landscape, over the last decade or so, hasn’t been too constraining and has allowed a reasonable Payment Service Provider (PSP) marketplace to develop and went on to explain how what he called the Technology Service Providers (TSPs) would be developing in the future as well. In the new Payment Services Directive (PSD), PSP’s will be divided into two categories, as I’ve written before, so that there will be the Account-Servicing PSP’s (ASPs) and the Third-Party PSPs (TPPs). The TPPs come in two flavours: Payment Initiation PSP’s (PIPs, that might be someone like Nutmeg) and Account Information PSP’s (AIPs, that might someone like Mint).
Thaer went on to talk about some of the additional provisions: that ASPs will be compelled to provide information on funds availability; that PSPs will have to provide a common API under the auspices of the European Banking Authority (EBA) – and we’ll be coming back to this “euro-API” in future posts; and that new payment instruments (e.g., decoupled debit) will allow third parties to create payment products on top of that API.
There are of course a great many unanswered questions about the legislation, as there always are with this sort of thing, and the answers will shape some aspects of the business model. For example: are end-user contracts sufficient or will TPPs be required to have contracts with banks? And the obvious question of where liability rests in the event of unauthorised transfers, which is the sort of thing will need to be sorted out before any of this can go anywhere near consumers. Thaer did the audience (and me) a great favour by sketching out some of the likely business impact of these changes and pointed out something that I think is likely to require some significant thoughts on behalf of participants: what is going to happen when bank apps can use the euro-API to access the bank accounts of competitor banks?
He was kind enough to stay in joining the discussions on the “regulators table” (several people had put regulatory questions on their post-it notes for discussion even before he had started talking so we set aside a whole table just for this) and I’m sure everybody will join me in thanking him for his time.
This is the sort of thing that makes unconferences rock, and one of the reasons why I love them so much. I look forward to seeing all of you at our next unconference, which is the 3rd CHYP/NYPAY Tomorrow’s Transaction Unconference at Google in New York on Monday 22nd September where you’ll be able to get round the table with some of the leading thinkers in the FinTech space, including Brett King from Moven and Matt Harris from Bain Capital Ventures. Oh, and I’ll be there too, conference bombing them.
Please note that EBA as abbreviation has two different meanings: EBA is the Euro (!) Banking Association, while EBA is also the European Banking Authority (as you correctly use in part 2).
EBA as in the first meaning is not associated with providing any APIs
Thank you for noting.
I will add this clarification, thank you very much Britta.