Open letter to EU decision makers on PSD2 RTS – figo
Dealing with all pros and cons of the debate on the EBA’s Regulatory Technical Standards (RTS) under PSD2 and especially with the screen scraping fronts must indeed be a challenge. As it comes with far more than the usual number of hurdles. That is, most importantly: regulating fast-evolving technology. None of us involved can provide solid experience in that regard.
This open letter is not about the usual pros and cons of this debate. Others have summarised them well.
It rather intends to provide you with actual solutions, i.e. smart trade-off ideas that could mean an end to the everlasting screen scraping debate and eventually the RTS process. From our point of view, every decision you make on this topic over the next weeks should be challenged by means of the following questions, in addition to PSD2’s general goals or first level regulation limits.
Does the final screen scraping debate solution:
- minimise the climate of distrust between the banking and fintech industry and enable a joint open banking market?
- provide clear incentives for banks to build market and user-friendly APIs in due course?
- leave enough room for standardisation and automation of regulatory compliance?
Bearing in mind the provided rationales for the EBA’s opinion, but considering the above mentioned goals, we have come up with the following ideas for solutions. We chose to compare them with the requirements of the EBA’s four-fold alternative approach:
EBA’s four-fold alternative approach, i.e. proposed RTS requirements:
1. A requirement for ASPSPs to define transparent key performance indicators and abide by at least the same service level targets as for the customer interface, regarding both the availability and the performance of the interface, as well as qualitative measures to assess whether or not they are doing so (Article 31(2)).
2. A requirement for PSPs to monitor and publish their availability and performance data on a quarterly basis (Article 31(3)).
3. A requirement for ASPSPs to make the interfaces available for testing at least three months before the application date of the RTS (Articles 29(3) and 29(5)).
4. A review of the functioning of the interfaces as part of the review planned for 18 months after the application of the RTS under Article 36, to ensure information access and sharing is working as intended.
Instead, please consider our according solution ideas:
1. Oblige EU-authorities to provide the market with EU-wide minimum standards for key performance indicators.
This is to unburden the market and enable EU/national authorities to implement centralised real-time monitoring tools on authority level.
In addition, oblige EU authorities to provide the market with a clear EU-wide set of data that is to be subsumed under the XS2A right of TPPs. In this way, banks are provided with a legal certain fundament on which they can develop their open banking business models. That is in the context of providing data beyond PSD2’s payment accounts, be it with regard to the extent of provided content or the smartness of its accessibility. Also TPPs would benefit from this transparency to a large extent, while planning their technologies’ change.
2. Avoid unnecessary efforts for the market as well as authorities by obliging EU and/or national authorities to check the potential and implementation of centralised, real-time monitoring tools for regulatory compliance – in line with standardised key performance indicators.
3. Preferred option 1:
Reject the EBA’s testing approach, but limit the Commission’s fallback proposal to a certain timeframe (at least one year) in order to achieve better acceptance by the banking market.
In addition make a clear statement and provide examples of simple and cost-efficient solutions for offering fallback technology (e.g. easy standalone certificate check solutions that could be used on proxy systems in front of the online banking backend, to make sure a certificate check will be performed before the PSU’s frontend can be referred to as the direct access/fallback solution).
Extend the proposed testing period to provide TPPs with a useful and appropriate testing and technology transformation period of at least half a year before the RTS come into force.
By choosing one of these options, the RTS would also indirectly support the market in developing XS2A API prototypes in a joint effort from the banking and fintech industry. In another step, jointly developed XS2A API market standards can be obtained, which will be actually useful and prevail (if enough room is left for individual ASPSPs’ innovation strategies).
New technologies do not come with the inevitable consequence of demonising and switching off existing and functioning solutions in haste. It is crucial for EU decision makers to take the right steps at the right time and leave the market with a smart balance of actually useful standards to enable innovative technology and appropriate freedom to evolve. We hope that our ideas help to achieve this difficult challenge.
4. Align according review planning with limited fallback time frame or testing period as outlined above.
PSD2 is clear on its goal of technology neutrality. If, notwithstanding, new market players will be obliged to use dedicated interfaces, the final RTS have to provide clear incentives for banks to build market and user-friendly APIs.
Moreover, and to enable innovation, they have to minimise third party providers’ dependency on banks’ arbitrariness. If, for intransparent reasons on a political level, an unlimited fallback option is not enforceable in Brussels, an “only three month testing period” for a significant change of existing technology obviously is not a competition-friendly and constructive alternative.
Eventually, EU decision makers bear the responsibility for the Union’s interest of a prospering digital single market. Or to be clearer: for a European open banking market that can resist huge global market players.
Crossing our fingers for a mature outcome,
The figo team