April 19, 2017
The PSD2 (Revised Payment Service Directive) – going to be implemented across SEPA (Single Euro Payments Zone) in 2018 – is going to bring about many changes to how financial services are delivered to customers. The Directive has, however, been in the news since its announcement for one major shift that has caught the market’s attention. It makes it compulsory for banks to open up their APIs to third-party providers, and give them access to account information of customers who have given their explicit consent. Additionally, the Directive lays down the security standards to be followed by all players. Thereby, it encourages competition and innovation, while making the operations more secure.
One of the market players that benefits immensely from this change in rules is the account aggregator. The concept of account aggregators is not new to India. They have been around for more than a decade, using various means to procure customer data, aggregating it, and providing a range of services built on top of data analytics to customers, banks and other market players.
As the concept of account aggregators gained more importance in the emerging financial services scenario, the Reserve Bank of India (RBI), India’s central bank, came out with its own Account Aggregator Directions in September 2016. The Directions make it compulsory for account aggregators to register with the RBI as Non-Banking Financial Company – Account Aggregator, thus making them a regulated entity. The aggregators will need to have net-owned funds of at least Rs. 20 million, and shall not have a leverage ratio of more than 7.
The most impactful of the clauses of the Directions are those related to storage and use of customers’ information. The Directions prohibit aggregators from accessing the login details and storing customers’ financial information. Aggregators can no longer undertake any business other than that of an aggregator, nor can they support transactions by customers. These directions effectively take away the business model of an account aggregator as it exists today. The ease of use offered to customers in the form of auto-login by the aggregator, investment advice, sweep-in investments in accordance with predefined goals, are all a matter of the past. Nor can the aggregators offer value-added services to banks and FIs.
On a stand-alone basis, account aggregation is not really a viable business model, as evidenced across the world. The Indian financial sector customer is especially sensitive to costs and is unlikely to sign up for the service in the large numbers that would be required for making the business viable on its own. As sharing of customer information with anyone other than the customer or the FIU (financial information user) authorized by the customer is expressly prohibited by the guidelines, any possible revenue streams from that source can also not be taken into consideration for devising a business plan. What then is the way forward?
With these Directions coming into play, it appears inevitable that the aggregators’ major income source will have to be the FIUs – banks, FIs, Personal Financial Management firms (PFMs), etc. Even the FIUs currently aggregating the data themselves will now need to tie up with other aggregators for the data inputs. The only exception here would be regulated firms consolidating data only from their own sector. (E.g. If a brokerage house wants to give a consolidated picture to its customers of their various market investments, it would continue to be able to do so. However, the customer would not receive an overall picture across all financial investments.)
The aggregators face many challenges in making this transition. Most banks started looking at the associated services that could be provided to the customers only after these nimble challengers created a market for them. With these challengers out of the running, it would need to be seen as to how many banks would want to be the nimble players they are now trying to be. There is already a hesitation from the banks’ side to sign on, and it is being witnessed in the market. The banks also have resource and legacy limitations that may prevent them from fully utilizing the information being provided by the aggregators.
However, other entities like the PFMs may prove to be more willing partners as their needs would synergize with that of the aggregators. This in itself is not free of challenges as PFMs will face their own issues now. Only regulated bodies can now act as FIUs. Thus, the PFMs that are as yet unregistered with any regulator will either have to register themselves as a regulated entity or be up for grabs by one. Registering as a regulated entity entails a certain capital commitment. Going ahead, it is quite possible that PFMs that are already acting as aggregators may just want to spin off those part of their operations. This could be a huge financial burden as the spin-off operations would have their own minimum capital requirement.
Other FIUs may see this as an opportunity to take over the existing aggregators, and retaining them as a separate entity. An alternative for them would be to start their own subsidiaries/related entities for the purpose. However, the latter might take substantial investments of time and effort, while the existing players would provide a ready platform.
The second biggest challenge would be to enter into an agreement with all the FIPs (financial information providers), as laid down in the Directions. If the Directions had made it compulsory for the FIPs to share information in the event of customer consent (as is mandated by PSD2), the life of an aggregator would have become easier. It is, however, possible, that the regulator had the security aspect of identity authentication of the aggregator in mind while including this clause. In addition, not all FIPs would have the technological, infrastructural and financial capabilities to create the required secure channels.
Convincing the customer to sign up for stand-alone aggregation services is going to be a challenge in itself, even if the service is provided free. The average Indian customer is not financially savvy enough to understand the need to sign up with a third-party (for data aggregation) for a service that is being provided by his financial service provider (the add-on services). This is where the tie-ups with the FIUs come into higher focus. It is possible that the aggregator will just become a pop-up on the FIU’s website, like a payment gateway currently is.
On the other hand, the Directions have a number of positive aspects. They resolve a number of issues that were beginning to cause friction in the industry. Storing of customer’s login details by the aggregator was one such friction point. Banks had started reacting by server mapping and making OTP mandatory for even balance inquiries. The new rules prevent aggregators from storing the information. The time taken by FIPs to share the information was another bone of contention between the players. The Directions make it mandatory for the FIPs to implement the required interfaces, and to provide a real-time response to the aggregators. The issue of screen-scraping and SMS-scraping is likely to get resolved now as the FIPs, aggregators and FIUs become partners in the true sense of the word. Solutions will become more commoditized and standardized, moving away from the proprietary solutions currently in the market.
Overall, the Directions, appear to be quite balanced and appropriate for the situation, from the regulator’s points of view. The rules ensure that all participants are regulated entities, sorts out various issues that had cropped up amongst them, and makes the interplay between them more seamless. However, like all emerging areas, the new regulations can be expected to cause a high degree of turmoil till things settle down and the market finds a new balance. RBI has always had to find a balance between encouraging innovative products and players, and keeping the market place secure. These rules are also an attempt in the same direction. The only question is, Was it too soon? The reader may also expect this space to mature further, as RBI refines these Directions in future, in line with its learnings, market response and realities.