PSD2: A Revolution That Benefits Everyone
Societe Generale hosts the second part of the Berlin Group's annual conference. We asked Nicolas Cailly, Head of Marketing - Payments & Cash Management at Societe Generale, to explain how this directive can be an opportunity.
The second Payment Services Directive, called PSD2, came into effect on 13th January 2018. The European Commission's goal is to stimulate innovation, competition, and market efficiency, and to modernise payment services in Europe. It does so by taking into account the increasing digitisation of the economy, where banking services are no exception. However, its application will be gradual, due to certain regulatory technical standards (RTS) written by the European Banking Authority (EBA) taking gradually effect until September 2019.
This is the case for the EBA standards on strong customer authentication and secure communication relating to communication and security between customers, banks and new structures known as third-party providers (TPPs). In order to facilitate the development of account aggregation and payment initiation services, PSD2 requires banks to open up access to their clients’ data (with their consent) to TPPs, securely, for free and without any contract, via secure application programming interfaces (APIs).
The drafting of this directive was a time for lively debate, because it overhauled the payments industry. This directive opens the door to newcomers and could potentially lead to a risk of bank disintermediation and loss of customer relationships into their fold. At the same time, most of the rules and systems that govern the payment industry are supported by the banks.
Open banking constitutes a boon for banks that are supporting this revolution. Customers’ new expectations when it comes to banking services (greater autonomy, transparency, immediacy, ability to bank 24 hours a day anywhere and using any device), the emergence of new technologies, and the regulations that encourage them, are driving this revolution in the world of payments. Banks need to seize these opportunities and improve interactions with their clients by offering a new way to consume banking services.
Societe Generale is well involved in this way, with the implementation of its BtoB platform, SG Markets. This global platform allows corporate clients and employees worldwide to use business services through a single web interface, but also through APIs. The open banking approach being implemented is in response to the requirements of PSD2 and also to clients looking to have their systems interact with Societe Generale’s in a simple and completely secure environment.
On the back of its leadership position in online banking in France through its Boursorama brand, Societe Generale was very early in joining market initiatives in France and in Europe to make suggestions for the PSD2 APIs. The first initiative, promoted by the French Banking Federation (FBF) and driven by the company STET, is working toward a French PSD2 API standard. The STET API’s features are being validated within the CNPS (Comité National des Paiements Scripturaux), chaired by Banque de France, in the presence of banks and TPPs. The second initiative is the one of the Berlin Group – an association that includes Europe’s leading payment industry players – aiming to create a pan-European standard. Societe Generale has been an active member of the group since 2016, and is still the only French bank involved. The presence of Fanny Rodriguez, Senior Advisor at Societe Generale, in both initiatives enables the bank to enhance the French and pan-European APIs and to work alongside STET towards their convergence.
This conference will be the place to present and explain the Berlin Group’s work on API standardisation to policy-makers and market players. Among those attending will be the European Central Bank, the EBA, the French Prudential Supervisory and Resolution Authority (ACPR), Banque de France, service and solution providers, and TPPs. The final version of the Berlin Group’s API and the test results will be presented there. This conference is also a chance to report on TPPs’ observations, some of which may be incorporated into the standard. The approach is meant to be co-constructive and collaborative, as the API must be suitable for large audiences in different countries. And for it to function securely, the accreditation and qualifications of the TPPs must be verified at the time they connect. The company PRETA is building a European registry that will list approved banks and TPPs as well as the services they deliver. Societe Generale was there again the first French bank to join this initiative early on and to participate to its financing. Having a central European organisation is essential to facilitate the arrival of new services for consumers, while ensuring that the system is secure. And Societe Generale is convinced of this too – a simpler and secure environment will make it possible to build high-value services for its clients.
This is why Societe Generale is creating an ecosystem via acquisitions and equity participation in innovative companies, most recently including Treezor and Lumo. Internally, the open banking and platform strategy entails the principles of cloud-first, open-source-first, and API-first on all information systems. Partnerships have also been initiated for creating value in specific products. In terms of PSD2, given the fundamental changes implied and the very tight implementation calendar, the upmost priority for banks as Societe Generale is to prove compliant by 13 September 2019. At the same time, the bank is working on the next steps consisting in developing new services for its clients.
PSD2 is clearly re-emphasising the strategic aspect of payment services, a real challenge for banks. A cultural shift as well – visible at Societe Generale – toward an open, innovative, constantly evolving world. This is part of Societe Generale's strategy firmly focused on innovation. A strategy visible to our clients and by the market as Societe Generale won the first eCAC40 prize this year for its digital maturity.