In 2018, the European Commission had a big idea for fostering innovation and competition in Europe. All banks would be obliged to share information (APIs), allowing fintechs to interact with banks and creating a myriad of possibilities for finding the best deal to even paying the doctor. Through amending the existing 2007 Payment Services Directive into a PSD2, it would further protect consumer data, launching a plethora of products from better mortgage to comparing household bills to tracking payments across all accounts.
No longer would banks be able to inflict loyal customers with second-rate apps and expensive loans. Instead, customers would easily flip between their accounts, maintain their investments with the click of a button and move to the best competitor.
At a time when post-pandemic retail customers are taking a greater interest in personal finance, open banking should soar. Yet it’s 2022, almost a full four years since PSD2 was launched, and in many ways, open banking is floundering in Europe, not least of all in Luxembourg.
“Every bank is complying,” said a source at the Central Bank of Luxembourg (BCL). “They have to. But few banks are exploiting PSD2 in the way it was envisaged.”
The sentiment is echoed time and time again among sources familiar with open banking. One source working in the financial services area goes even further. “It’s a disaster. With competition coming from Asia superapps WeChat and Alipay, open banking in Europe just isn’t going to fly.”
Banking reluctance
Luxembourg has historically performed well in the payments innovation space, with an efficient regulator boasting a team of payments institutions experts and the likes of mobile payments platform Payconiq (formerly Digicash) launched in the country. “Six to eight years ago, Luxembourg looked set to be the leading country to transpose PSD into law,” said the financial services source.
Yet progress is now sluggish, and part of the blame lies with the banks. For some, PSD2 regulation represents nothing but time-consuming regulatory headache with very little tangible benefit. The effect is amplified in Luxembourg, which hosts €508bn assets in the private banking sector as of December 2020, according to the Luxembourg Bankers’ Association (ABBL), where payment accounts fall under the PSD2 but cannot exploit it in the same ways as retail banks do.
“While private banks have payment accounts, they primarily use them to route payments to savings and securities, so it’s not a customer interaction point as it is for a retail bank,” said the financial services source. “Yet they fall within the scope and have to comply.”
Ananda Kautz, head of innovation, digital banking & payments at ABBL, agrees. “Wealth management and private banking clients have payment accounts, but it’s not through this that they differentiate their services.”
For retail banks, the benefit is clearer. Payment accounts are a customer interaction point through which they can sell products which make a profit margin. “It’s a serious threat to be disintermediated from this customer contact point, so it’s strategic to comply or at least to put in place common resources,” explained the financial services source.
Luxembourg bank Spuerkeess is one of the banks to embrace the possibilities under PSD2. The bank, in collaboration with BGL BNP Paribas, Banque Raiffeisen and Post Luxembourg, created Luxhub in 2019, an open banking fintech delivering PSD2 compliance to institutions in Luxembourg.
Spuerkeess has also pioneered multiple third-party bank account management through its S-Net app, allowing customers to manage accounts with six Luxembourg banks plus neobanks N26 and Revolut in one place. It also sees wide potential for revolutionising payments in Luxembourg.
“APIs could help people pay their doctor through the Luxembourg health insurance system, the Caisse nationale de santé, in a smoother way,” Spuerkeess’ head of digitalisation, Fred Giuliani, explained to Delano in an interview in November 2021. “At present, you pay your doctor, submit receipts and the CNS reimburses 80%. With the correct APIs, a Spuerkeess customer could pay the doctor only the 20% they would pay anyway, with payment triggered directly between CNS to the doctor for the remaining 80%.”
Luxhub has also become a key PSD2 enabler for retail and private banks in Luxembourg and in Europe. “To overcome the PSD2 APIs fragmentation challenges, Luxhub has developed one single API to facilitate integration for API consumers. On top of this product, Luxhub provides account aggregation and payment initiation services to regulated entities and can offer similar services to non-regulated entities,” Claude Meurisse, chief operating officer at Luxhub, told Delano.
However, sources privately disagree. “In many ways it’s slowing down the interaction with fintechs as it’s the only entry point for startups,” said the financial services source.
“What are the banks in Luxhub going to do beyond PSD2? They are competitors so it’s hard to agree on a common roadmap.”
Sticky regulation
According to some commentators, PSD2 is part of the problem. Although the original PSD text was “a good enough compromise”, according to Ralf Ohlhausen, chair of the European Third Party Payment Provider Association, certain regulatory technical standards introduced in 2018 made life very difficult for the third-party payment providers it was meant to help.
One of these was the so-called 90-day rule, which forces customers to re-authenticate their accounts every 90 days. “In essence, AISPs have to start from scratch and onboard their customer base at least every 90 days. This means they lose valuable customers every 90 days,” Ohlhausen told Delano.
Monopoly APIs, where banks have the freedom to make just one API-dedicated interface available to TPPs and to block any alternative access, means that these payment providers have no fallback to any other user interface when the bank-enabled interface fails. Other obstructions include allowing TPPs only four API calls per day without customer presence, meaning the customer can no longer receive real-time alerts and preventing the addition or removal of trusted payees, forcing the customer to update their own payees and opening the process to error.
Although individually small errors in functionality, these obstructions have the combined effect of turning customers off the much-vaunted seamless payments that open banking was expected to enable.
For TPPs, the effects are even more serious. “Many TPPs have moved away from business-to-customer services to business-to-business services as a result of the 90-day rule,” said Ohlhausen. “Worse, some of these TPPs are startups who launched their businesses in expectation of innovating and competing under new regulation. They are finding they can’t operate successfully and are either selling to others with deeper pockets or are going out of business altogether.”
While some changes are on the horizon, for example, the 90-day rule went under consultation with the European Banking Authority in November 2021, the process has been slow and cumbersome.
“Two years on from when the RTS on strong customer authentication went live [in September 2019], the vast majority of APIs are still not compliant with PSD2 and RTS,” said Ohlhausen. “Very few [national] regulators took action to set deadlines or to enforce penalties in cases of non-compliance. We’ve essentially lost a year in the process.”
Given the clunky start to PSD2, a group of industry participants have united to create a more industry-led approach under the SEPA API Access Scheme. This will provide the additional features allowing TPPs to compete with card payments and the bigtechs at “eye level” and compensate banks for it.
“The biggest lesson [we] learned so far is that trying to enforce good APIs with technical regulation results in an endless and destructive cat-and-mouse game,” said Ohlhausen. “Banks must want to create a good API and must be properly incentivised to do so.”
Regulating the desired outcome, rather than technical details, can go a long way towards that, he added.
A disrupter--or not
As time drags on, there are question marks hovering over open banking’s disruptive potential. “It’s something of a damp squib,” said Nasir Zubairi, CEO of the Luxembourg House of Financial Technology. “There’s nothing hugely disruptive about an API, not with the constraints around authentication that have come with PSD2. Hopefully, open banking will eventually lead to more customer-oriented solutions.”
Zubairi argues that there could be greater value in using the data supplied by APIs as a third-party aggregator for simplifying KYC [know your customer] process and onboarding in financial services. “Strong partnerships between banks and fintechs have been created in Luxembourg, looking at various ways to exploit data throughout the banking product cycle,” added Kautz.
“I see a real evolution when financial services become embedded in a transaction,” expanded Zubairi. “For example, embedding insurance or even the approval of a mortgage in a house purchase.”
Some of the directions in which PSD2 intends to progress should create more interesting opportunities for customers beyond the arena of payments and into the areas of trading and investment. This will help capture some of the pent-up capital held by retail customers unable to spend on experience-related goods during the covid pandemic.
“Most banks have a trading facility but it’s not always that good. However, APIs from brokers will let customers trade directly through their banking platform,” Giuliani told Delano in the November interview.
However, it is not all bad. In comparison to other European countries, Luxembourg has fared better in the adoption of PSD thanks to its coverage and various existing solutions for payment such as Fitbit, Apple Watch and Apple Pay. “The [payments] market in Luxembourg is quite sophisticated,” said Kautz, while Ohlhausen agrees. “Luxembourg is certainly not the biggest problem [in Europe].”
Yet not being the biggest problem is not the lofty ambition of a country which has historically been a centre of excellence in payments. Sources point out that Luxembourg itself has lost opportunities to smooth the process for open banking and in other areas of payments innovation and a great deal of this responsibility lies not just with regulation but with the regulator CSSF.
“The regulator needs to make the process of granting e-money licenses smoother and quicker,” the financial services source concluded. “This will help Luxembourg to lead the way on payments [and other areas] as it used to.”
This article first appeared in the February 2022 edition of .