PSD2 Readiness: How the Nordic Region Has Its Nose Ahead

As part of MEDICI’s periodic research on compliance and readiness of PSD2 and Open Banking, we validated the above hypothesis in an interview with Rune Mai, CEO at Nordic API Gateway.

The Second Payments Services Directive (PSD2) went live in the EU on September 14, 2019. Although strict enforcement of Strong Customer Authentication (SCA) has been delayed until at least December 2020, about 6000 banks in the unified region are expected to be now ready with payment APIs for third-party (TPP) consumption, as required by the directive. The on-ground situation, however, is different. As several studies point out, barring the UK—which has maintained discipline in standards, implementation, documentation, and narratives—the rest of the EU still has a long way to go to achieve satisfactory compliance.

One of the key metrics to assess PSD2 adoption and readiness is the number of third parties that have secured AIS and PIS licenses in their respective domestic markets. The Nordics outperform the rest of the markets in this and perhaps unsurprisingly so. According to the Digital Economy and Society Index 2018, the Nordics (Sweden, Finland, Norway, and Denmark) trumps the rest of the EU in several digitization parameters across private and government initiatives. This is visibly evident in the low levels of cash usage, acclaimed digital ID initiatives, and the overall success of several digital public services programs.

According to a white paper released by Nordic API Gateway, the concentration of TPPs registered for AIS and PIS services outstrips the rest of the EU, demonstrating higher interest and better readiness of banks to integrate with them. Additionally, the proportion of domestic TPP registrations in their respective Nordic member states far outweighs those passported from the rest of the EU. On the other hand, in the UK, which has done exceptionally well in TPP signups, passported entities are a higher proportion.

Better readiness is a precursor to faster unlocking of the true potential of the directive. The faster banks and TPPs check the compliance box, the easier it becomes for all players in the ecosystem to work on value-added services. This is the door to monetization. While this is bread and butter for TPPs, banks too are gearing up to this reality. The paper, which captures feedback from over 100 decision-makers in the Nordics, also highlights the higher levels of awareness, conviction, and belief in the transformative potential of PSD2 within the region. 

MEDICI spoke with Rune Mai, CEO at Nordic API Gateway, on several aspects of PSD2 related to its changing perception among incumbents, the current state of compliance, revenue opportunities, and the implementation challenges posed by fragmented standardization (not as ironic as it sounds). Here’s the transcript of the interview:

MEDICI: What kind of shift in perception and approach have you observed in banks with respect to the acceptance of PSD2 in the last 12-18 months, considering the initial pushbacks when the regulation was being framed?

Rune Mai: Nordic banks, in particular, have been early adopters of technology and are backed well by digitized governments allowing for unified ID technology. This has helped banks to offer technological solutions to consumers and businesses. This has also had a very positive impact on the approach to Open Banking and PSD2, as many banks see these as opportunities more than threats. On a more general note, banks in Europe have gone from believing that they would be commoditized to realize the true potential of ridding themselves of a legacy by becoming a large third-party provider themselves, now enabling banking through their offering for all engagements (account aggregation) and lately, letting customers pay from any account from any bank in their banking apps.

The last six months have shown the start of a wave. It is a transformation of finance as we know it allows banks to become international faster and easier than ever before. This gives them a level playing field to compete against each other and the rest of the market.

MEDICI: What kind of revenue opportunities does it open up for banks in the short-term and long-term?

Rune Mai: Short-term revenue opportunities will stem from building new technologies to win the interface relation with customers regardless of bank, and then be the primary provider of financial services and products. The real potential for banking is related to a tectonic shift in how banks operate their front ends. We will see banks seize the opportunity of the API economy by offering premium services through platforms like Nordic API Gateway, to reach more significant markets faster with less effort.

The future of financial services will be all about being part of platforms that own the relationship with consumers or business owners—either build them yourself or through partnering. This is where the premium APIs will play a central role.

MEDICI: Your research clearly shows a high number of TPP registrations in the Nordics. In your view, how easy or difficult has it been for them to integrate with bank APIs? 

Rune Mai: It is, by no means, a task that a TPP should embark on by themselves. The PSD2 APIs are regulated under the same standard, but it doesn’t mean that they are the standard from a technology perspective. Nordic API Gateway has spent a tremendous amount of time engaging with banks offering PSD2 interfaces to mature the interfaces to a level acceptable for live usage while combining all the interfaces into one simple, standardized API for TPPs to use. TPPs can then focus on their core business instead of maintaining and monitoring all these connections.

The environment in the Nordics has been the perfect breeding ground for Open Banking in general. This is because the banks are digitally mature, and consumers have some of the highest digital adoption rates in Europe. This has also led to the appearance of many new TPPs.

The mindset of Nordic banks and FinTechs is to cooperate with each other to support the opportunities. This has allowed Nordic API Gateway to mature the Open Banking space very quickly.

MEDICI: Data from the rest of the EU shows that the time taken for APIs to be integrated, and their performance hasn’t been satisfactory. How would you comment?

Rune Mai: Building and maintaining public APIs have not been something that banks have been used to doing. It is a continuous product effort to deliver and sustain a high-performance API with high availability rates. Empirically we already knew before PSD2 that the inception would be hard. UK Open Banking revealed long lead times from launch to stable quality, and in Germany, APIs have been in place for many years but in a very fragmented form. So Nordic API Gateway took the stance early on that it should be a driving force in maturing these APIs with banks. It has total respect for banks struggling with this, and it has deep cooperation with many banks on refining solutions.

So basically, yes, the quality and performance of PSD2 APIs have not been adequate, but banks are getting there fast.

MEDICI: In the Nordic context, apart from payments, which other significant services do you see being positively impacted by PSD2? E.g., consumer lending and business banking?

Rune Mai: In particular, we see business account access as a key driver for business process automation and cost reduction in the account system space. Right now, many accounting system providers are automating the bookkeeping itself, freeing up time from SMEs and lately, adding the ability to pay invoices and bills directly from the accounting systems, thus removing the constant iteration back and forth between the accounting system and bank. Soon we will see accounting systems become the primary interface for banking customers, bringing revenue streams for banks in jeopardy because banking app access is no longer needed. In reverse, banks are building technology themselves to take this throne. Again, a perfect example of a market with a more level playing field.

We also see a huge opportunity to put data in play for onboarding and credit scoring to allow for much fairer rates for consumers. Building credit profiles based on spending history will be a huge driver in meeting the new regulatory requirements enforcing lenders to document that applicants have sufficient funds.

MEDICI: What is your view on fragmented standards and API specifications? Will it make execution difficult for TPPs that want to passport their business to states that run on different standards? How does Nordic API Gateway intend to solve this issue?

Rune Mai: Yes, it will be hard for TPPs to engage in an international expansion without API aggregators. There are too many APIs and too much fragmentation; however, luckily, there are a number of aggregators to engage with. Nordic API Gateway delivers one unified API for accessing personal and business accounts and also enables direct payments from accounts in many European countries. Within the next 6-12 months, we would have been fully rolled out across Europe. The reason for this steady rollout is to enable us to focus on quality and compliance. We take it complying with local authorities and payment laws very seriously and still want to provide the same high-quality service with full country coverage.

MEDICI: What is the most significant impact you would see in the EU in the next five years as an outcome of PSD2?

Rune Mai: Commenting on the competition Netflix put in their annual report from 2019 that any provider taking away free time from people who subscribe to Netflix is a competitor. This is a way to say that competition no longer sticks within sectors but gets more generic and will provide the right level of convenience to people. PSD2 data and payments will be a huge driver in this paradigmatic shift in how we consume services and our expectations of services that help provide convenience. Any company acknowledging this will be the winners of the future, whether it’s banks, FinTechs, retailers, or tech companies.