Designing Financial Services under EU Open Banking

We have been taking a deep dive into three emerging open banking regulations that will evolve the open banking/open finance landscape in Europe and that will ripple out across the world. We have provided an overview of the next evolution of the EU open banking regulations, which we are calling the EU open banking regulation triumvirate, the potential impacts on security and fraud prevention, on consumer privacy and the roles of existing stakeholders, and today we finish with a look at how the regulations could propel a new generation of  innovative digital financial products and services. We also discuss similar regulations around the world and touch on a fourth regulation: The European digital currency. 

Theme 4: Expanded digital financial service opportunities and solidifying of embedded finance service delivery

The combination of the three regulations will impact on the emerging embedded finance sector and create multiple opportunities for more open banking and open finance products and services. All three regulations are at least partly motivated by a desire to expand the choices available to consumers.

In our ecosystem model above, and as discussed in detail in our post on security and fraud prevention, we note that digital readiness (customer capacity to use fintech apps  and understand their data sharing rights, for example) and security and privacy (where customers won’t even use the fintech if they think there are fraud or security risks) are value enablers. That is, the higher the digital readiness, and the more robust the security and privacy, the more customers will make use of open banking/open finance products and services.

In terms of strengthening security and privacy as an enabler, we believe the instant payments and PSD3 rules that introduce Verification of Payee (VoP) and create a payment services provider responsibility for reimbursement could potentially be a game changer in terms of adoption of open banking and open finance products and services. These rules increase the clarity that consumers have when transferring money digitally: they can confirm that whoever receives the money is their intended recipient and if for some reason that isn’t verified, the payment services provider is responsible for reimbursing the money if it is sent to a fraudulent or incorrect account. The VoP approach also provides greater clarity for merchants and online retailers, embedded finance providers and any digital organisations that offer online payment acceptance in some way: it ensures they are connecting with legitimate customers in this age of phishing and other scams, hacks, and AI misinformation.

Some potential new services enabled from these regulations are discussed in the previous blog post on changing ecosystem roles, but there are a whole range more that could be tested. A very quick back-of-the-envelope brainstorming includes:

• For identity: Services that enable faster onboarding/account setup for merchants, government departments, utilities, and so on; access to government and other essential online services (banks, utilities, transport, etc); enhanced e-signature options; consent management for data sharing activities and sharing data on the value that the consumer or society receives from the data sharing.
• For payments: Perhaps there are new variable recurring payment (VRP) options, for example, we would love to see VRP used in combination with Buy now Pay Later for those users who need greater flexibility in their repayments; unbundling of payments services from other value-added services in order to increase the adoption of non-payment related services (like Stripe is currently doing).
• For account information: One of the services we would like to see is an ability for users to connect their account information with their Buy Now Pay Later (BNPL) at the checkout to be informed if the instalment plan is actually unsustainable based on their recent account history. On the face of it, BNPL might not see the business model in this: but perhaps users could save the purchase to their favourites and be informed when their account transaction data suggests they could take on a new BNPL agreement, promoting financial literacy for the shopper and ensuring the continued viability of the customer for the BNPL provider. (Surely AI could help with this?)
• For instant payments: This could also make embedded financial services at the point of sale more possible as customers could immediately purchase related services at that time. For example, on travel sites, customers could pay for guided tours or rental cars instantly alongside their hotel or flight accommodation, perhaps receiving a discount or loyalty reward for locking in the purchase. Embedded insurance at the point of sale could be immediately paid to the insurtech provider, with perhaps an offer of a lower premium for the immediacy of payment.

Similar regulations around the world

The regulation milestone maps in our Q2 Open Banking/Open Finance Trends Report details all upcoming regulations from around the globe that will impact on ecosystem stakeholders. In particular, activities in the UK, Australia and Brazil are currently focused on aspects of instant payments and data sharing. New Zealand and India have also announced new account verification payments processes.

UK started with a similar model called Confirmation of Payee at an earlier stage than Europe, and has recently extended the scheme to cover payment services providers. For reimbursement, the UK originally introduced a voluntary reimbursement scheme for financial institutions, but with widespread success where UK consumers have been reimbursed hundreds of millions of pounds, regulations are being introduced to mandate reimbursement.

In Brazil, new recurring instant payments services are being mandated to enable cross-service transfers between payments services providers by October this year.

In Australia, banks have been required to introduce new name-checking verification processes to reduce fraud.

Where digital currency regulations fit in

There is one more European regulation that sits alongside these three major regulatory approaches: The Digital euro package.

While this work is progressing, we are less bullish on the impact this will have in the near term. We know there is a lot of interest in digital currencies, partly as a hangover from cryptocurrency, which we continue to be sceptical about. Cryptocurrencies are speculative and there are no real use cases outside of trying to encourage others to invest in crypto so your own holdings increase in value. The wide use of cryptocurrency for ransomware and money laundering, the exorbitant energy use which we have been promised for years was something that was going to be addressed in the near future, and the inherent disparities and concentration of power amongst the investors and crypto/web3 governance mechanisms all suggest that cryptocurrency is ill-suited for widespread adoption. We track crypto financial services as part of our open banking datasets, but we are reluctant to highlight their potential in enabling value to be generated and distributed amongst stakeholders. Digital currencies, while different, do have some similarities: the use case is unclear and we are uncertain the energy use of infrastructure to enable digital currencies has been addressed as yet.

What is the use case of digital currencies that will not be addressed by the digital identity wallet and regulations like instant payments? In these cases, we have a trust framework and money acts in a digital flow in any case. When we make instant payments, the money automatically shows in our bank accounts and often we spend directly on another online service, never actually touching the cash. The preparation phase of the digital euro project started on 1 November 2023 and will initially last two years. It will involve finalising the digital euro rulebook and selecting providers that could develop a digital euro platform and infrastructure. We are taking a watch-and-see approach. I am sure there are stakeholders who want to prepare for possible opportunities and I understand the need for large banks to participate actively in discussions and directions, but for the bulk of the open banking/open finance ecosystem, we recommend a focus on the immediate horizon and opportunities of the regulations outlined in this article.

Next steps for stakeholders: what to work on for the rest of 2024

For banks

• Map out a work program agenda that aligns deadlines from all three sets of regulations. Identify how each area of regulatory work will build on other deadlines. For example, the instant payments requirements for a Verification of Payee API in early 2025 will also be needed for implementation as part of the PSD3/PSR in 2026. The data sharing customer dashboard that will be needed for the digital identity regulation is also aligned with PSD3.
• Map regulatory milestones to a timeline and look at opportunities to participate in broader interoperability discussions (such as European Payments Council’s SEPA Inst schema and rulebook, and future schema and standardisation discussions for the customer dashboard).
• Identify business opportunities from implementing regulatory requirements earlier or with value-added service components. Look at ABN-AMRO, CBI and some fintech like Klarna and Finastra are doing to build out value-added services on top of verification of payee. Many merchants, for example, are interested in other fraud prevention, and login auto-complete services that strengthen their checkout processes.
• Consider the roles you would like to play in a digital wallet ecosystem, as discussed by Mobey Forum.
• Clean up your own data governance processes ahead of FIDA timelines so as to better generate value from your own data systems.

For aggregators

• Consider the role you would like to play in the digital wallets ecosystem.
• Create specific APIs, guides, and targeted materials to assist digital wallet providers use your APIs.
• Consider creating targeted materials for different types of wallets and for wallet providers by segment.
• Create a Verification of Payee API and consider value-added service opportunities.
• Reach out to payments services providers to discuss new opportunities with the increased role of payments providers in the open banking/open finance ecosystem.

For fintech

• Map out the regulatory milestones and potential impacts and deadlines that will affect you. For example, update your strong customer authentication workflows: for example, in future you will need to conduct SCA once with the customer’s bank account, but after that account information service providers are responsible for ensuring SCA during each data access. Verification of Payee API requirements are also mandated for payments services providers. Two factor authentication requirements also change.
• Look at where these regulations represent a market opportunity. Look at global and European-wide examples that could be “copied with pride” in your market.
• Move away from creating generic, lowest common denominator services for large populations and get back to designing services for specific target segments that address real needs. Focus on viable segments and build out from there.
• Look at banks as a partnership opportunity. Where can your products complement banks and strengthen their customer relationships? What banks have gaps in their product range that you could help fill.
• Look at opportunities to partner with SaaS providers and digital wallets providers to embed your services in their customer journeys.

For API industry

• Amongst security, identity, CPaaS, API observability, API design and lifecycle tooling: Start thinking of your marketing and support approaches for the open banking and open finance sector. Some players have already done so: API management providers Axway and Sensedia for example have specific products aimed at supporting their open banking customers.
• You can create specific content aimed at ensuring that banks and payments providers are aware of the services you offer. This can be done initially by offering dedicated landing pages, and by releasing white papers and content that describes your products and services to these audiences.
• Consider creating an accelerator-type hub that addresses or integrates common open banking components into your products and services, for example: how do open banking API standards get integrated into your products, or are you planning on future features that align with the proposed FIDA framework for future data models for financial data? For those working in embedded finance, do you make discoverability of embedded finance services easy to find and integrate?

For consumer associations and financial inclusion advocates

• Participate in upcoming work to define the consumer dashboards standards. Consumer organisations should have a seat at decision-making structures aimed at defining the rulebook and standards being proposed for consumer permission dashboards. We understand this work will be led by the European Banking Authority.
• Consumer organisations and financial inclusion advocates should seek to participate in PSD3 proposed activities that encourage the EBA and EIOPA “to issue guidelines on the use of customer data … originating from other sources for the purposes of creditworthiness evaluation of natural persons as well as risk assessment and pricing of life, sickness and health insurance.”
• There is a need for urgent work to ensure that the financial inclusion opportunity of digital wallets is tested in pilots. Brazil was a world leader in introducing metrics to ensure that as their instant payments systems, Pix was introduced, during the initial COVID pandemic, that the uptake across socioeconomic groups and by smaller businesses was measured. They were able to adjust implementations to support those with greater need who were not at the time making use of instant payments. In Europe, pilots like the European Payments Initiative’s Wero digital wallet already have a potentially unequal focus. The initial pilot is occurring in the higher income European countries of Belgium, France and Germany (with the Netherlands marked next). But in addition, the initial use cases being tested do not appear to focus on the needs of financially excluded populations. We believe a strong consumer and financial advocacy voice is needed to ensure that the first use cases being tested for digital wallet technologies focus on supporting those who have struggled with providing documents for opening bank accounts, receiving money, gaining employment, or demonstrating credit-worthiness.
• A stronger voice is needed to ensure regulators are measuring the impacts of open banking and open finance. PSD3 regulations extend on PSD2 requirements that already mandated that banks publish API performance data, but more public data is needed: the amount of API calls, or number of accounts that are making use of open banking would be helpful, the average transaction amount that is transferred via payments APIs, the level of adoption of third party provider products and services that integrate with a customer’s bank account information would be useful, a breakdown of what type of services consumers are integrating, the fees and charges of third party apps and services that make use of open banking, and the number of previously marginalised consumers (migrants, women-owned businesses, young people, startups, smaller businesses, rural and remote populations, etc) that can now access credit and other services.

For regulators

• For instant payments regulations, there is a clear deadline for introducing Member State level regulations that align with the European-wide regulatory framework. Similar national-level regulatory work will also have to occur for digital wallets and the PSD3 packages.
• There is an urgent need for regulators to create monitoring systems that measure the value of open banking for the local economy. The UK’s Open Banking Implementation Entity (OBIE) approach is worth considering: they describe an evaluation framework that outlines the theory of change of open banking, that is, they mapped what the intended impacts of open banking regulations would be for the local economy, and then identified metrics that could help measure that framework. While we think this is laudable, we also think more work could be done to enable automated metrics to be collected: the OBIE model relies heavily on consumer surveys when various stakeholders are already collecting data that demonstrates actual adoption and usage patterns. Greater requirements for stakeholders including banks and fintech to share this data with regulators is required in order to create a meaningful ecosystem monitoring framework and to ensure that open banking does not consolidate power amongst a few financial institution stakeholders or replicate the lack of consumer choice that helped galvanise the introduction of open banking in the first place.

As noted by the regulators themselves, these regulations do not reflect a fundamental shift in the open banking landscape in Europe, but they do reflect a significant evolution towards a data economy and a single digital market, and enable digital infrastructure and ecosystem approaches to become the core banking/finance model moving forward.

The fast-paced deadlines, that commence in January 2025, will require action now from all stakeholders: banks, fintech, aggregators, consumer associations, tyhe API industry and regulators.

Contact us if you would like to discuss some of the ideas presented here fiurther or if you would like help with data and research, policy responses, aligning with best practices, building go to market strategies, addressing data governance needs, or mapping emerging opportunities. Subscribe to our open banking trends report or to our newsletter to dig into relevant data that will help you plan your next moves.