Tag Archive for: PSD2

How will Open Banking impact Treasury?

| 20-9-2019 | treasuryXL | BELLIN

Interview with Karsten Kiefer on open banking, APIs and the future of bank connectivity

With financial data increasingly digitized and moved to the cloud, disruptive approaches have become available to fintechs and corporates have gained access to new and revolutionary opportunities. One such opportunity is open banking, also known as API banking. In this article, we take a closer look at open banking and the potential benefits of current trends for treasurers. Karsten Kiefer, Product Manager and Solutions Manager at BELLIN, introduces us to the latest developments and assesses their impact on corporate treasury.

The European Payment Services Directive 2 (PSD2) sets rules for access to payment accounts but it has also caused great uncertainty. Is this the beginning of open banking for everyone in Europe? And what does the directive mean for treasury?

One of the provisions of PSD2 forces European banks to provide a standardized access interface, known as API, to third parties, which enables technical access to the bank’s customers’ accounts. This is an attempt by the regulator to break up the banks’ monopoly on account information and to boost competition amongst payment service providers.

The directive clearly stipulates the type of information banks have to give access to and the scope of services associated with it. For example, when it comes to payments PSD2 API access is restricted to SEPA single payments. Few banks, if any, will support bulk payments, FX payments etc. as additional services. This is why for the time being this technology is only of limited use to corporate treasury. It is definitely in no way comparable to established channels such as EBICS, H2H or SWIFT.

Where do you see the main advantages of open banking for treasury? When will corporate financial departments adopt open banking?

Changes have been flooding the international payments sector, and open banking is only one of the waves to ride. Demand is driven by developments in the consumer goods sector, where mobile, real-time payments are rapidly gaining ground, with providers springing up all over the place. 24/7/365 availability of payments services is highly relevant for treasurers. This has also been the driving force behind developments in connection with established channels, such as SWIFT or EBICS, including the SWIFT g4C technology that enables real-time information on payment transactions. For corporates who use a treasury management system with an integrated payments platform, open banking has already become a reality.

How does open banking with a treasury management system work?

A treasury management system with an integrated payments platform, such as tm5 by BELLIN, enables multi-channel access to banks. There are standardized channels for specific regions, such as EBICS, or the BELLIN SWIFT Service that provides access to the global SWIFT Network. Another connectivity option is direct host-to-host connections to specific banks and their networks. APIs represent an additional technology to connect banks and corporates, and in the future, this will become more and more relevant. Today, the BELLIN Payment Gateway enables access to real-time payment transaction information and a company’s global financial status.

Are there any challenges associated with API interfaces?

Many of the banks today that can connect via two or even three channels are working on APIs. So this will become an additional bank connectivity option. However, we need to bear in mind that such an API must bring added value and additional benefits. Otherwise, you are better off using one of the more established channels. Looking at the API specifications of several major banks in more detail, you will realize that there are minor standardization options at the moment. Everyone is talking about APIs but in fact, every bank has their own! Ultimately, it is irrelevant for the customer or the user which technological options we have available to connect a financial institution.

What new aspects does API connectivity bring and what makes it special?

The main difference is the way in which information is made accessible. Intraday account statements are a perfect example. Many banks provide this information at least once or twice a day, some more often. The times vary according to bank, which makes it difficult to gain a complete overview of your financial status at any one time. For EBICS and H2H connections, BELLIN has to actively retrieve this information for clients, while the banks send the data to a company’s BIC in the case of SWIFT Service customers. Corporates have little or no insight into any fluctuations outside these times.
API technology enables two systems to communicate directly. In theory, any API request to a bank requesting intraday account information or the current financial status could be processed and responded to in real time. This would be a huge leap towards the concept of an “instant treasury:” It would enable treasurers to trigger information directly and to receive the latest data at the touch of a button. Unfortunately, few banks are able to offer such a service, as it would require not just an interface but also powerful and modern banking systems.

So the flood of information triggered by APIs very quickly hits a wall, reined in by banking systems. Do you see any solutions to this problem?

So-called WebSocket interfaces are a step up from APIs. This technology would see a bank notify a client as soon as any relevant data has become available. Corporates could retrieve this information promptly and would always have the latest information. This is a very intelligent reversal of the logic described earlier and would get rid of any redundant data communication. Customers or their service providers would only ever communicate with a bank when the bank has notified them of available data. You could compare a notification that money has been credited to your account to notifications sent by LinkedIn or YouTube: As soon as something new happens, it’s shown to you and you’re notified.

Will these new technologies mean the end for existing solutions such as EBICS?

Not at all. EBICS is a great example. The EBICS standard is long established and thousands of corporate clients use it. Banks have invested a lot of money in these systems. Intelligent updates to these standards will be the key. The German Banking Industry Committee, the industry association of the German banking industry, is planning specifications for 2020 and working on introducing technology that will enable banks to notify corporate clients as soon as relevant data is available to be retrieved from the EBICS bank server. From a technological point of view, this will be a combination of the established EBICS protocol and the latest API technology. I think this is the perfect combination of old and new standards and brings enormous advantages to customers with little or no adjustments required.

What would you recommend treasurers do right now?

My advice would be to remain calm and wait it out. At the moment, APIs and the opportunities associated with them are being hyped up. But in reality, very few banks have actually developed new services.

At BELLIN, we develop and integrate APIs every day, whether it is to communicate with transaction repositories, to integrate SAP systems or to connect our BELLIN Connect app. We have decades of experience when it comes to banking communication and have just launched API projects with three major international banks. Our aim is to create viable use cases that add value to our treasury clients.

Authors:

Author picture ofKarsten Kiefer

Karsten Kiefer
As a Product Manager and Payments Specialist, Karsten Kiefer is responsible for any payments topics at BELLIN. The main focus of his work is on enhancing software functionality, supported payment formats and communications channels. Karsten has a background in IT and has over 20 years’ experience in the payments sector.



 

 

Author picture ofAnja BiehlerAnja Biehler
Anja has a PhD in German Philology and trained in a business communications agency before gaining valuable creative and marketing experience in a number of advertising agencies. For five years, she was in charge of the communications department of a renowned, private financial service provider. Her last position before joining BELLIN’s Global Marketing & Communications team in November 2014 was with Freiburg University where Anja was responsible for the marketing efforts of the EXIST business start-up program.

Enigma begeleidt MoneyMonk in verkrijgen PSD2 vergunning

| 20-8-2019 | treasuryXL | Enigma Consulting

Boekhoudsoftware MoneyMonk kreeg op 26 juli een PSD2 vergunning van toezichthouder De Nederlandsche Bank (DNB). Na Cobase (ING) en Peaks (Rabobank) is MoneyMonk de eerste Nederlandse organisatie die een vergunning als rekeninginformatiedienstverlener verkrijgt, die niet gelieerd is aan een grootbank. Enigma Consulting heeft MoneyMonk begeleid in het traject van de vergunningaanvraag.

De Utrechtse FinTech en Scale-up MoneyMonk, opgericht door de broers Jasper en Jorgen Horstink, ontwikkelt online bedrijfsadministratie software voor ondernemers. Met hun product ‘MoneyMonk – online boekhouden’ richt het bedrijf zich sinds oprichting in 2013 op de administratie van dienstverlenende ZZP’ers.

Jasper Horstink (CEO) van MoneyMonk: “Wij zijn enorm blij dat wij als eerste boekhoudprogramma in Nederland de vergunning toegekend hebben gekregen door DNB. De vergunning stelt ons in staat om onze klanten nog beter te kunnen helpen. Zo hebben ze een actueler beeld van hun financiële situatie en kunnen ze nog meer tijd besparen op hun administratie. Het aanvragen van een PSD2 vergunning bij de DNB is geen sinecure. De adviseurs van Enigma Consulting met lead consultant Geert Blom hebben ons tijdens het gehele traject begeleid, zowel op juridisch, organisatorisch als op procedureel gebied. Juist het samenwerken met een adviesbureau met uitgebreide ervaring in al deze aspecten van de aanvraag is ons erg goed bevallen.”

Paul Jans, managing director van Enigma Consulting: “De betaalrevolutie komt in de tweede helft van dit jaar volledig tot wasdom met PSD2 in september en de verdere ontwikkeling van Instant Payments de komende maanden. Op dit moment begeleiden we een vijftiental organisaties bij hun vergunningaanvraag. Ik feliciteer de heren van Moneymonk dat zij met hun enthousiasme en daadkracht als eerste boekhoudsoftware de vergunning hebben gekregen.”

Masterclass: Nieuwe ontwikkelingen in het Betalingsverkeer

| 04-04-2019 | ENIGMA Consulting |

In samenwerking met Euroforum organiseert Enigma Consulting op 9 mei 2019 in Driebergen een Verdiepende Masterclass: Nieuwe ontwikkelingen in het Betalingsverkeer.

De veranderingen en innovaties in het betalingsverkeer zijn evident. Allerlei ontwikkelingen grijpen in op het betaaldomein en nieuwe spelers gaan verrassende diensten bieden. Tijdens deze intensieve masterclass krijgt u op 1 dag alle ins & outs van deze veranderingen te horen. En wat voor kansen dit concreet kan bieden voor uw dagelijkse werk! De Masterclass is bestemd voor banken, betalingsverkeer financials vanuit bedrijfleven en overheid, Fintech’s en start-ups.

Onderwerpen Masterclass

Impact Instant Payments

In de loop van 2019 worden betalingen 24/7 binnen 5 seconden afgewikkeld. Instant is het nieuwe “normaal” en klanten verwachten dat dit ook meteen zichtbaar is. Gaan bedrijven dus ook volledig realtime? Dit heeft invloed op alle huidige, vaak batch georiënteerde, betaalprocessen. Hoor hoe u hier effectief op inspeelt!

PSD2 eindelijk geïmplementeerd

De open banking era begint nu echt in volle omvang. Dienstverlening door tientallen Fintech’s en banken die nieuwe services aanbieden op basis van de betaalgegevens van klanten en met toestemming van klanten betalingen initiëren. Accuratere credit-rating wordt mogelijk, blijft iDEAL wel bestaan en wat gebeurt er met de incasso? Wat is de concrete impact nu PSD2 geïmplementeerd is?

Impact Innovaties

Welke impact hebben innovaties als E-signing, big data, Robotics, internet-of-things, open banking en biometrics op het betaaldomein? Gaan de grote Fintech partijen de dienstverlening van banken overnemen?

Services in het betaalproces

Financieel klantbeeld op het “mijn-domein” wordt steeds belangrijker. Welke informatie toont u? En welke self-service mogelijkheden en controles biedt u om het betaalproces te vergemakkelijken? En hoe gaat u om met achterstanden en welke betaalmix biedt u om vorderingen te incasseren?

Aan de hand van concrete klantcases komen alle thema’s aan bod en inventariseren wij hoe u voordeel kunt halen uit bovenstaande onderwerpen!

Meer informatie over de masterclass kunt u vinden op de website van ENIGMA Consulting.

 

 

ENIGMA Consulting

 

 

Congres toekomst van het betalingsverkeer

| 25-3-2019 | Euroforum | treasuryXL |

Het jaarcongres Toekomst van het Betalingsverkeer is al 20 jaar dé ontmoetingsplaats voor alle Payment Professionals in Nederland. Om deze mijlpaal te vieren wordt het programma dit jaar nog uitgebreider dan voorheen.

Op verschillende podia vertellen (inter) nationale Keynote Speakers de meest interessante verhalen. Daarnaast bestaat het programma uit diverse co-creatie sessies en round tables waar de meest prangende vraagstukken van dit moment worden besproken. Bij dit proces is uiteraard de Adviesraad weer nauw betrokken.

What’s Going on in Payments?

Wat kunt u op 18 april verwachten?

> Circa 300 Payment experts van strategisch niveau aanwezig om u netwerk te vergroten.
> Meer dan 10 C-Level speeches delen hun visie op: Digitale Transformatie van Banken, Succesvol samenwerken met Fintechs, de NextGen Klant, Nieuwe business modellen door PSD2,
Impact van Blockchain en Artificial Intelligence.
> Meer dan 15 Round Table Sessions over EID, PSD2 Update, Instant Payments, Cybersecurity, Crypto Currencies, Data driven business modellen.
> Gepresenteerd door de payments experts in Nederland vanuit Betaalinstellingen, de nieuwkomers, banken, PSP’s, frontrunning consultancys.
> Interactieve werkvormen zoals dit jaar ‘Battle of the Finance’ en ruim de gelegenheid om te netwerken.

Voor meer informatie over het volledige programma, de sprekers en de locatie kunt u de website van het event bezoeken.

Best read articles of all time: Do treasurers really need instant payments? some implications.

| 03-08-2018 | Patrick Kunz | treasuryXL

 

 

Per 13 January 2018 we have a new payments service directive (nr. 2) live in the European union, PSD2 for short. One part of PSD2 is the possibility for banks to offer instant payments between banks in the EU. Within max 10 seconds money flows from one bank to the other, also on weekends and on holidays. In this paper I want to discuss the implications for treasurers of instant payments.

Cash flow forecasting

Forecasting is an important part of the daily/weekly routine of a treasurer. He/she needs to predict the future to know his cash/risk/financing position. On the ultra-short term spectrum of this forecast a treasurer might use intraday bank statement (MT942) to take into account the incoming funds during the day. These are often updated hourly. With instant payments a treasurer can have a look at their bank account and the balance that is showing is the real-time balance with all incoming transactions being settled. As said before a treasurer might already have intraday statements but there is (1) a time lag in those and (2) there might be transactions not processed yet. Bottom line this difference amounts to several hours lag. Depending on the size of the company and the amount and size of transactions there is some impact but not very sizeable. Furthermore, those treasurers that do not use intraday balances for their forecasting have no impact of instant payments. However, how about the due payments on non-working days? In the future these are normal payments dates. Previously due payments on weekends are either set on Friday or Monday depending on the terms of the contract. These could now be forecasted on the exact day. But that depends, payments are often done during business hours, so it is possible that nothing changes. Depending on the size of the transactions there is importance to check this with your suppliers and clients. This also depends on bank processing of yourself and your client/supplier.

Bank processing

Instant means instant in time but also in days. In the past we were dependent on the opening hours of the banks and later of the ECB. That could mean that if we send money just after close on Friday and there was a public holiday on Monday we would only see the money coming in on Tuesday. The money was “lost in translation” in between. This is not very modern in an age where we send an email from Tokyo to South Africa in minutes but not money. We could literally fly there with cash and be faster. After all banks have implemented PSD2 money flows 24/7. So also in the weekend and on holidays. This has an impact on the processing of your bank statement. You now receive bank statement for Saturday and Sunday. Most accounting/treasury departments do not work on the weekends so there is a chance that these statements are not processed. This means you must process 3 statements on Monday. Some companies have automatic processing of bank statements, so the weekend statements might be processed but not (automatically) consolidated leading to more open positions on Monday. Ok big deal, there is more work to do on Monday due to more bank statements. But there is more: not necessarily for treasury departments. Think about customer services (helpdesk) departments. If a client with an overdue payment calls it would be great if the helpdesk employee is able to verify statements of the customers if the says he has paid or will pay immediately. This however only works if processing is automatic or if the helpdesk employee can access/search the incoming payments on the bank account (which might not have processed in accounting). Not all companies will have this yet. Overdue calculations might be faulty in some ERP systems as only working days are considered. If a payment is due on Sunday, you can pay on this Sunday and not necessarily on the Friday before.

Conclusion

Instant payments are only a fraction of PSD2 which is often not very interesting for most treasurers. They get some information faster but that does not really help them too much. There is however more to it. Since payments can now arrive and be made in the weekends the cash flow forecasting should now contain 7 days in a week instead of 5. Payment can be spread out more but also receipts will be. Bank processing is more work; 7 daily statements per bank account per week instead of 5. Extra processing or extra automation needed. The extra information might be needed by other departments too even though the treasury/accounting department is not working.

Overall the implications could be bigger then you might think and are different for every company and depending on their existing (bank) processing.
Most bank are planning to introduce weekend reporting by H2 2018 while instant payments are due beginning 2019. For business transactions this might even take until H2 2019.

Some time left but a good time to already think about your current processes in comparison to the new reality under psd2. Treasury is moving to a 24/7 information economy. It’s about time.Time will tell if there will be fintech’s stepping in helping with above issues with direct connections to the bank, which is another important part of PSD2 but not within the scope of this article.

If you need help with automating your bank statement processing or with your cash flow forecasting, then look at this author and other Flex Treasurers on this website for answers.

Patrick Kunz

Treasury, Finance & Risk Consultant/ Owner Pecunia Treasury & Finance BV

 

 

PSD2 Spring Update

| 18-06-2018 | François de Witte | TreasuryXL

During the fall of 2017, I published a Summer Update on PSD2. Since then, a lot of things have moved, and hence I found it the right moment to provide an update you on some developments PSD2 and open banking.

LIST OF ABBREVIATIONS USED IN THIS ARTICLE

AISP:            Account Information Service Provider
API:              Application Programming Interface
ASPSP:         Account Servicing Payment Service Provider
EBA:             European Banking Authority
PISP:            Payment Initiation Service Provider
PSP:             Payment Service Provider
PSU:             Payment Service User
RTS:             Regulatory Technical Standards
SCA:             Strong Customer Authentication
TPP:             Third Party Provider

Main updates on the regulatory framework

Several member states have experienced in the transposition of PSD2 in the national law. The current status (27/5/2018) is as follows:

• Full transposition measures communicated: Austria, Bulgaria, Cyprus, Czech Republik, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Slovakia, Slovenia, Sweden, United Kingdom
• Partial transposition measures communicated: Belgium, Lithuania, Malta, Poland
• No transposition measures communicated: Croatia, Latvia, Luxembourg, Netherlands, Portugal, Romania, Spain

Source : https://ec.europa.eu/info/publications/payment-services-directive-transposition-status_en

The EC has launched an infringement proceeding is against the states who did not or only partially transposed PSD2 in their national law.

The Regulatory Technical Standards on strong customer authentication and secure open standards of communication have been published on 13/3/2018 in the Official Journal of the European Union. They will apply in as from September 13, 2019, leaving 18 months to the payment industry to get ready for this new state of play.

The EBA has decided to maintain the obligation for the ASPSPs to offer at least one interface for AISPs and PISPs to access payment account information. As of 13/9/2019, the existing practice of third party access without identification (at times referred to as ‘screen scraping’) will no longer be allowed. In order to address the concerns raised by a few respondents, the final RTS now also require that ASPSPs that use a dedicated interface will have to provide the same level of availability and performance as the interface offered to, and used by, their own customers, provide the same level of contingency measures in case of unplanned unavailability, and provide an immediate response to PISPs on whether or not the customer has funds available to make a payment.

The banks need already to prepare some steps as from early 2019 onwards. The following timetable illustrates the deadlines:

The finalization of the RTS is an important milestone which will give banks and TPPs much more clarity and certainty on how to push forward their PSD2 compliance and strategic programs.

13/1/2018, the date of implementation of PSD2 appeared to be nonevent. Over one third of the member states failed to implement PSD2. Only very few banks had published their APIs. We observe that banks are much slower in opening up their APIs to TPPs, and this for various reasons, e.g. APIs are not yet ready technically, chicken and egg situation with other banks, etc. As a result, the API aggregators need to use screen scraping or reverse engineering to enable to provide for the TPPs (including banks) access to the accounts held at the ASPSPs.

Furthermore, the standards are not yet harmonized throughout Europe. A number of working groups were constituted to further elaborate on these standards, the most important ones being the UK’s Open Banking Working Group (OBWG), the Berlin Group, and STET. Experts seem to agree that the Berlin Group Standard is the most elaborate ones, as it incorporates the most relevant use cases and has been built with the latest technology standards using REST, OAuth2, JSON and HTTP-signature. It relies on ISO 20022 elements for structuring the data to be exchanged between TPPs and ASPSPs However the UK Open Banking standards also provide interesting insights. The UK has already a much larger experience in open banking. In my view it’s essential to create a set of common, industry standard APIs that can be used by all.

Another challenge is the implementation of the multi-factor authentication. There also some interesting initiatives took place. Gemalto the world leader in digital security, has enabled Belgian mobile ID scheme ITSME to enroll 350,000 users and securely process one million transactions per month for both private and public online services – making it one of the most successful mobile ID applications in Europe within one year of launch.

Real-time payments can be the catalyst for a new wave of innovative corporate banking, payments and cash management services. The SEPA Instant Credit Transfer, will offer in combination with PSD2 interesting new use cases for Open Banking. However, it will take time to take off, as it requires huge investment from the banks, and also a change in the mentality of the consumers.

Conclusion

Although PSD2 should have been enacted by the member states, some states are still lagging behind. The banks are slow in opening their APIs, and open banking is not taking off as quickly as expected. Market players need also to agree on common standards for the interfaces.

However, there the deadline of 13/9/2019 is approaching and there is no way back. The clock is ticking in the PSD race. “If you cannot beat them, then you better join them”.

Open banking is a new way of approaching the delivery of financial services for customers, and as such, it requires a new way of thinking and new ways of working. This will also require a new mindset and a different team set up. Teams are going to be more agile and have a mix of skills and people. This is a big challenge for several institutions.

For your information, I will give a one-day training on the subject at Febelfin Academy on 21/11/2018. For more information, please go to: https://www.febelfin-academy.be/nl/opleidingen/detail/psd2-and-the-open-banking-architecture-addressing-.

François de Witte – Founder & Senior Consultant at FDW Consult; Managing Director and CFO at SafeTrade Holding S.A.

 

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

Best read articles of all time – PSD 2: a lot of opportunities but also big challenges (Part II)

| 16-05-2018 | François de Witte |

After having examined the detailed measures of the PSD2 in my first article, in the 2nd part we will examine the impact of PSD 2 on the market. In order to help you read the text we will once more start with a list of abbreviations.

LIST OF ABBREVIATIONS USED IN THIS ARTICLE

2FA    :   Two-factor authentication
AISP  :    Account Information Service Provider
API :       Application Programming Interface
ASPSP : Account Servicing Payment Service Provider
EBA :     European Banking Authority
PISP :    Payment Initiation Service Provider
PSD1:    Payment Services Directive 2007/64/EC
PSD2  :  Revised Payment Services Directive (EU) 2015/2366
PSP :     Payment Service Provider
PSU:      Payment Service User
RTS :     Regulatory Technical Standards (to be issued by the EBA)
SCA :     Strong Customer Authentication
TPP :     Third Party Provider

Impact on the market

A major implementation journey:

The ASPSP (mostly banks) will have to make large investments in order to comply with the PSD2, in the following fields:

  • Implementing  the infrastructure enabling the application of the PSD2 scheme to the currency transaction in the EU/EEA area, and to the one leg transactions.
  • Ensuring that they can respond to requests for payment initiation and account information from authorized and registered TPPs (third party providers), who have received the explicit consent of their customer for to this. They will have to develop interfaces that enable third party developers to build applications and services around a bank. Internal banking IT systems might need to be able to cope with huge volumes of requests for information and transactions, more than they were originally designed for.
  • Ensuring their security meets the requirements of the SCA (strong customer authentication). This will be a big challenge both for the banks and for the other payment service providers).

PSD2 will make significant demands on the IT infrastructures of banks. On the one hand the IT infrastructure has to be able to be interact with applications developed by the TPPs (PISP and AISP). On the other hand, banks have to develop their systems in such a way that they don’t have to do this from scratch every time a TPP approaches them. This will require a very flexible IT architecture. The banks have to have a middleware that can be used by their internal systems, but also by the applications of the PSP’s.

Although PSD2 does not specifically mention the API (Application Programming Interfaces),  most technology and finance professionals assume that APIs will be the technological standard used to allow banks to comply with the regulation.

An API is a set of commands, routines, protocols and tools which can be used to develop interfacing programs. APIs define how different applications communicate with each other, making available certain data from a particular program in a way that enables other applications to use that data. Through an API, a third party application can make a request with standardized input towards another application and get that second application to perform an operation and deliver a standardized output back to the first application. For example, approved third parties can access your payment account information if mandated by the user and initiate payment transfer directly.

In this framework, the real challenge is to create standards for the APIs specifying the  nomenclature, access protocols and authentication, etc.”. Banks will have to think about how their new API layers interact with their core banking systems and the data models that are implemented alongside this. The EBA (European Banking Authority) will develop RTS (Regulatory Technical Standard) with more detailed requirements regarding the interface between ASPSPs and TPPs. While these are expected to be published early 2017, based on the EBA’s recent draft RTS, the question is whether they will define the interface’s technical specifications.

Emergence of new players and business models

By integrating the role of new third party payment service providers (TPPs) such as the PISP and the AISP, the PSD2 creates a level playing field in the market. Several market experts expect that this will foster innovation and creating new services. For this reason PSD2 should increase competition.

This might lead to a unique open race between traditional players, such as the banks and newcomers for new services and a possible disintermediation of banking services, as illustrated in the figure down below:

Source: Catalyst or threat? The strategic implications of PSD2 for Europe’s banks, by Jörg Sandrock, Alexandra Firnges – http://www.strategyand.pwc.com/reports/catalyst-or-threat

PSD2 is likely to give a boost to the ongoing innovation boom and bring customers more user-friendly services through digital integration. One can expect that the automation, efficiency and competition will also keep the service pricing reasonable. PSD2 will foster improved service offerings to all customer types, especially those operating in the e-commerce area for payment collection. It will enable a simpler management of accounts and transactions. New offerings may also provide deeper integration of ERP functions with financial services, including of their multibank account details under a single portal, and smart dashboards.

PSD2 also enables a simplified processing chain in which the card network can be  disintermediated. The payment can be initiated by the PISP directly from the customer’s bank account through an interface with the ASPSP. In  this scheme, all interchange fees and acquirer fees as well as all the fees received by the processor and card network could be avoided. The market expects that new PISPs will be able to replace partly the transactions of the classic card schemes. A large internet retailer could for example ask permission to the consumers permitting direct account access for payment. They could propose incentive to encourage customers do so. Once permission is granted then the third-parties could bypass existing card schemes and push payments directly to their own accounts.

On the reporting side, the AISP can aggregate consumer financial data and provide consumers with direct money management services. They can be used as multi-bank online electronic banking channel. One can easily imagine that these services will be able to disintermediate existing financial services providers to identify consumer requirements and directly offer them additional products, such as loans and mortgages.

The PSD2 is for banks a compliance subject, but also an opportunity to develop their next generation digital strategy. New TPPs can provide their innovative service offerings and agility to adopt new technologies, enabling to create winning payments propositions for the customer. In turn, traditional players like banks can bring their large customer bases, their reach and credibility. Banks have also broad and deep proven data handling and holding capabilities. This can create winning payments propositions for the customer, the bank and the TPP.

Banks will have to decide whether to merely stick to a compliance approach, or to leverage on the PSD2 to develop these new services. The second approach will require to leave behind the rigid legacy structures and to change their mindset to ensure  quicker adaption to the dynamic customer and market conditions. A first mover strategy can prove to be beneficial.  Consumers and businesses will be confronted with the increased complexity linked to the multitude of disparate offerings. There also, the incumbent banks who will develop new services  can bring added value as trusted partners

Essentially, PSD2 drives down the barriers to entry for new competitors in the banking industry and gives new service providers the potential to attack the banks and disintermediate in one of their primary customer contact points. New players backed by strong investors are ready to give incumbents a serious run for their business. This is an important battle that the incumbent banks are not willing to lose.

The biggest potential benefits will be for the customers, who can access new value propositions, services and solutions that result from banks and new entrants combining their individual strengths or from banks becoming more innovative in the face of increased competition. Market experts also foresee an increased use of online shopping and e-procurement.

Several challenges to overcome

The PSD2 will be transposed in the national legal system of all the member countries. The involved market participants will have to examine the local legislation of their country of incorporation, as there might be some country-based deviations.

The authentication procedure is also an important hot topic. PISPs and AISPs can rely on the authentication procedures provided by the ASPSP (e.g. the banks)  to the customer but there are customer protection rules in place. Hence, they must ensure that the personalized security credentials are not shared with other parties. They also may not store sensitive payment data, and they are obliged to identify themselves to the ASPSP each time a payment is initiated or data is exchanged.

ASPSPs are required according to PS2 to treat payment orders and data requests transmitted via a PISP or AISP “without any discrimination other than for objective reasons”. A practical consequence for credit institutions will be that they must carry out risk assessments prior to granting payment institutions access – taking into account settlement risk, operational risk and business risk. One of  the main issue is the handling of the customer’s bank credentials by third party payment service providers. The bank needs to be able to perform strong authentication to ensure that the authorized account user is behind the initiation message

There are concerns about security aspects related to PSD2. An example hereof is the secure authentication. All the PSPs will have to ensure that they can demonstrate compliance with the new security requirements. How it will be achieved and monitored ? How will TPPs  interact with banks, since there is no need for a contract to be signed?

If something does not work correctly, there will also be discussions on the liability side. The PSD2 states that the TPP has to reimburse customers quickly enough that they are not bearing undue risk, but one will have to determine which TPP had the problem and work with them to resolve it. This will require further clarifications from the regulators.

In addition the PISP and the AISP vulnerable for to potential frauds. Web and mobile applications could become easy target for cybercriminals for various reasons, including the inherent vulnerabilities in the APIs that transfer data and communicate with back-end systems. The openness of the web could allow hackers to view source code and data and learn how to attack it. APIs have been compromised in several high-profile attacks that have caused significant losses and embarrassment for well-known players and their customers. The PSD2’s ‘access to account’  increases not only the number of APIs, but adds layers of complexity to the online banking/payments environment, adding to the risk of fraudulent attacks.

The market is waiting for the RTS (Regulatory Technical Standards) to give guidance on how some remaining security issues will be solved. These include:

  • Treatment of PSU’s (payment service user)security credentials
  • Requirements for secure communication between the PSP and banks
  • Full details and definition of strong authentication
  • Safety of the PSU funds and personal data
  • Availability of license registry for real-time identification of the PSP (PISP or AISP)

It is important that the required clarifications are published soon, in order to avoid a time lag between the implementation of PSD 2 in the national legislations and the real move in the market.

Conclusion

The PSD2 creates challenges, such as the huge investments to be made by the banks, compliance issues and protection against fraud and cybercrime. However several topics need to be clarified such as the RTS and the market players need also to agree on common standards for the interfaces. The clock is ticking in the PSD race.

Traditional players such as the banks appear to have a competitive disadvantage vis-à-vis the new emerging third party payment service providers. However, the Directive opens up new forms of a collaborative approach that can overcome this. New players can provide their innovation and resilience, whilst banks can add value thanks to their large customer base, credibility, reach and ability to cope with high volumes.

The biggest potential benefits might be for customers, who will benefit from new value propositions, services and solutions from new entrants, from banks and new entrants combining their individual strengths, or from banks becoming more innovative in the face of increased and agile competition.

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

 

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

Best read articles of all time – PSD 2: a lot of opportunities but also big challenges (Part I)

| 15-05-2018 | François de Witte |

The Directive 2015/2366 on payment services in the internal market (hereinafter PSD2) was adopted by the European Parliament on October 8, 2015, and by the European Union (EU) Council of Ministers on November 16, 2015. The PSD2 updates the first EU Payment Services Directive published in 2007 (PSD1), which laid the legal foundation for the creation of an EU-wide single market for payments. PSD2 came into force on January 13, 2016, and is applicable from January 13, 2018 onwards. By that date the member states must have adopted and published the measures necessary to implement it into their national law.

PSD 2

PSD2 will cause important changes in the market and requires a thorough preparation. In this article, we are summarizing the measures and highlighting the impact on the market participants. In today’s Part I we will focus on abbreviations and main measurers introduced by PSD2.

List of abbreviations used in this article

2FA    : Two-factor authentication

AISP  :  Account Information Service Provider

API : Application Programming Interface

ASPSP : Account Servicing Payment Service Provider

EBA :  European Banking Authority

EBF :  European Banking Federation

EEA :  European Economic Area

PISP :  Payment Initiation Service Provider

PSD1:  Payment Services Directive 2007/64/EC

PSD2  :  Revised Payment Services Directive (EU) 2015/2366

PSP : Payment Service Provider

PSU:   Payment Service User

RTS : Regulatory Technical Standards (to be issued by the EBA)

SCA : Strong Customer Authentication

TPP :  Third Party Provider

Main Measures introduced by PSD2:

The  PSD2 expands the reach of PSD1, to the following payments:

  • Payments in all currencies (beyond EU/EEA), provided that the two PSP (Payment Service Provider) are located in the EU /EEA (two legs)
  • Payments where at least one PSP (and not both anymore)  is located within EU borders for the part of the payment transaction carried out in the EU/EEA (one leg transactions)

A second important measure is the creation of the Third Party Providers (TPP). One of the main aims of the PSD2 is to encourage new players to enter the payment market and to provide their services to the PSU (Payment Service Users). To this end, it creates the obligation for the ASPSP (Account Servicing Payment Service Provider – mainly the banks) to “open up the bank account” to external parties, the so-called, third-party account access. These TPP (Third Party Providers) are divided in two types:

·        AISP (Account Information Service Provider) : In order to be authorized, an AISP is required to hold professional indemnity insurance and be registered by their member state and by the EBA. There is no requirement for any initial capital or own funds. The EBA (European Banking Authority) will publish guidelines on conditions to be included in the indemnity insurance (e.g. the minimum sum to be insured), although it is as yet unknown what further conditions insurers will impose.

·        PISP (Payment Initiation Service Providers): PISPs are players that can initiate payment transactions. This is an important change, as currently there are not many payment options that can take money from one’s account and send them elsewhere. The minimum requirements for authorization as a PISP are significantly higher. In addition to being registered, a PISP must also be licensed by the competent authority, and it must have an initial and on-going minimum capital of EUR 50,000.

Banks will have to implement interfaces, so they can interact with the AISPs and PISPs. However, payment initiation service providers will only be able to receive information from the payer’s bank on the availability of the funds on the account which results in a simple yes or no answer before initiating the payment, with the explicit consent of the payer. Account information service providers will only receive the information explicitly consented by the payer and only to the extent the information is necessary for the service provided to the payer. This compliance with PSD2 is mandatory and all banks will have to make changes to their infrastructure deployments.

A third important change is the obligation for the Payment Service Providers to place the SCA (Strong Customer Authentication) for electronic payment transactions based in at least 2 different sources (2FA: Two-factor authentication) :

  • Something which only the client knows (e.g. password)
  • A device (e.g. card reader, authentication code generating device, token)
  • Inherence (e.g. fingerprint or voice recognition)

 

The EBA (European Banking Authority will provide further guidance on this notion in a later stage. It remains to be seen whether the current bank card with pin code is sufficient to qualify as “strong customer authentication”. This “strong customer authentication” needs to take place with every payment transaction. EBA will also be able to provide exemptions based on the risk/amount/recurrence/payment channel involved in the payment service (e.g. for paying the toll on the motorway or the parking).

PSD2 also introduces some other measures:

  • Retailers will be authorized to ask to the consumers for permission to use their contact details, so as to receive the payment directly from the bank without intermediaries
  • There will be a ban on surcharges on card payments
  • There will be new limitations on the customer liability for unauthorized payment transactions

In a second article soon to be published on treasuryXL, François de Witte will focus on the impact PSD2 has on market participants. 

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

 

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

 

Universwiftnet Paris – March 2018

| 30-04-2018 | François de Witte |

On 13/3/2018, I attended the 15th Universwiftnet Paris event, a one-day conference day to discover the recent tendencies in payments, banking connectivity and the relationship between corporates and banks. There were over 1.000 participants, and this was a good opportunity to have an immersion in the latest tendencies in treasury. Down below, you will find some hot topics and takeaways,

KYC (Know Your Customer)

KYC remains high on the attention of banks. There is a new initiative of the KYC – SWIFT registry, which aims to provide an efficient, shared platform for managing and exchanging standardized Know Your Customer (KYC) data. SWIFT has worked with the world’s largest correspondent banks to define a set of data and documentation that addresses KYC requirements across multiple jurisdictions.

SWIFT takes on the task of validating the information and keeping it up to date. That means banks are relieved of this task, while remaining sure that their data is reliable and up to date. The KYC registry also offers a useful set of tools to simplify and enhance risk management procedures. This includes a KYC Advanced Notifications feature that can trigger alerts, if the profile of one of their counterparties changes.

Institutions can upload completely free documentation to the Registry and share it with the institutions you select. SWIFT validates the data rigorously, informs the counterparty if it is incomplete or needs updating, and alerts your correspondents whenever your data changes. The KYC Registry is currently only open for banks, but it this would be opened to corporates to corporates this year, enabling them to deposit documents there. This is welcomed development.

eBAM – management of the bank mandates

eBAM is the SWIFT initiative aiming at rationalizing the bank mandates. This provides standardized messages, which can be used between corporates and banks. BNP Paribas is already using this extensively, but other banks, like Sociét Générale, Citibank and Natixis are also joining the initiative. The further extension of eBAM to other banks would enable to rationalize an area, which remains a pain point for many corporates. One of the projects is to enable to sign digitally bank agreements.

Fraud & cybersecurity

Fraud & cybersecurity also remain high on the agenda. According to a study of Euler Hermes, 80 %, of the corporates have at least experience & fraud attempts, and 25 % over 10 fraud attempts. According to a study of the EU, 80 % of the European corporates have been victim of cyberattacks.

Corporates need to invest in the risk assessment, the browser & app protection, onboarding and password management. The challenge is to payments as frictionless as possible, in a context of increasing authentication cost.

It is important to embed this in processes, which should include whenever possible measures enabling to prevent:

  • Internal fraud: through the secure import of the files and other internal fraud prevention measures (black and white list of beneficiaries, limits on the amounts, banks and countries, check on abnormal transactions, verification of the account of the beneficiaries, etc.)
  • External fraud: through a secure digital signature (multifactor authentication using One time passwords, certificates, etc.) and a secure transfer of the payment files to the banks

PSD2, instant payments and open banking

We are moving to a paradigm whereby we need to combine:

  • The real time of the transaction
  • The request for user-friendly and frictionless payment initiation
  • The controlled opening of the payments landscape to third parties through PSD2
  • The protection of the PSU (Payment Service User) through PSD2 and GDPR

This will also create opportunities, both for the new players and the incumbent banks, who are prepared to develop an active open banking strategy. The retailers look at reducing the collecting costs of the card schemes and are looking at alternative more cost efficient collection methods. The SEPA Instant Payment Scheme could become in the future an interesting alternative.

New multibank solutions will come up. They will provide a more cost efficient technology using APIs. In a first stage, I expect that they will mainly extend to smaller corporates. Larger corporates might stick to the proven SWIFTNET or Host-to-Host solutions, due to the bank independency, the proven track record and the high integration with the existing processes.

There has been an interesting testimony of EDF, who is currently daily retrieving its bank statements through APIs. These are easier to implement, and have enabled a more efficient and quicker process. This new way of working also has a lower impact on the IT environment, identified as a bottleneck in the organization.

In fact, we are currently moving to a real time and digital treasury. This will require new profiles, such as IT developers and AI specialists for the operational tasks and the dash boarding.

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

 

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

 

 

Do treasurers really need instant payments? some implications.

| 30-01-2018 | Patrick Kunz |

 

Per 13 January 2018 we have a new payments service directive (nr. 2) live in the European union, PSD2 for short. One part of PSD2 is the possibility for banks to offer instant payments between banks in the EU. Within max 10 seconds money flows from one bank to the other, also on weekends and on holidays. In this paper I want to discuss the implications for treasurers of instant payments.

Cash flow forecasting

Forecasting is an important part of the daily/weekly routine of a treasurer. He/she needs to predict the future to know his cash/risk/financing position. On the ultra-short term spectrum of this forecast a treasurer might use intraday bank statement (MT942) to take into account the incoming funds during the day. These are often updated hourly. With instant payments a treasurer can have a look at their bank account and the balance that is showing is the real-time balance with all incoming transactions being settled. As said before a treasurer might already have intraday statements but there is (1) a time lag in those and (2) there might be transactions not processed yet. Bottom line this difference amounts to several hours lag. Depending on the size of the company and the amount and size of transactions there is some impact but not very sizeable. Furthermore, those treasurers that do not use intraday balances for their forecasting have no impact of instant payments. However, how about the due payments on non-working days? In the future these are normal payments dates. Previously due payments on weekends are either set on Friday or Monday depending on the terms of the contract. These could now be forecasted on the exact day. But that depends, payments are often done during business hours, so it is possible that nothing changes. Depending on the size of the transactions there is importance to check this with your suppliers and clients. This also depends on bank processing of yourself and your client/supplier.

Bank processing

Instant means instant in time but also in days. In the past we were dependent on the opening hours of the banks and later of the ECB. That could mean that if we send money just after close on Friday and there was a public holiday on Monday we would only see the money coming in on Tuesday. The money was “lost in translation” in between. This is not very modern in an age where we send an email from Tokyo to South Africa in minutes but not money. We could literally fly there with cash and be faster. After all banks have implemented PSD2 money flows 24/7. So also in the weekend and on holidays.
This has an impact on the processing of your bank statement. You now receive bank statement for Saturday and Sunday. Most accounting/treasury departments do not work on the weekends so there is a chance that these statements are not processed. This means you must process 3 statements on Monday. Some companies have automatic processing of bank statements, so the weekend statements might be processed but not (automatically) consolidated leading to more open positions on Monday.
Ok big deal, there is more work to do on Monday due to more bank statements. But there is more: not necessarily for treasury departments. Think about customer services (helpdesk) departments. If a client with an overdue payment calls it would be great if the helpdesk employee is able to verify statements of the customers if the says he has paid or will pay immediately. This however only works if processing is automatic or if the helpdesk employee can access/search the incoming payments on the bank account (which might not have processed in accounting). Not all companies will have this yet.
Overdue calculations might be faulty in some ERP systems as only working days are considered. If a payment is due on Sunday, you can pay on this Sunday and not necessarily on the Friday before.

Conclusion

Instant payments are only a fraction of PSD2 which is often not very interesting for most treasurers. They get some information faster but that does not really help them too much. There is however more to it. Since payments can now arrive and be made in the weekends the cash flow forecasting should now contain 7 days in a week instead of 5. Payment can be spread out more but also receipts will be. Bank processing is more work; 7 daily statements per bank account per week instead of 5. Extra processing or extra automation needed. The extra information might be needed by other departments too even though the treasury/accounting department is not working.
Overall the implications could be bigger then you might think and are different for every company and depending on their existing (bank) processing.
Most bank are planning to introduce weekend reporting by H2 2018 while instant payments are due beginning 2019. For business transactions this might even take until H2 2019.
Some time left but a good time to already think about your current processes in comparison to the new reality under psd2. Treasury is moving to a 24/7 information economy. It’s about time.
Time will tell if there will be fintech’s stepping in helping with above issues with direct connections to the bank, which is another important part of PSD2 but not within the scope of this article.

If you need help with automating your bank statement processing or with your cash flow forecasting, then look at this author and other Flex Treasurers on this website for answers.

Patrick Kunz 

Treasury, Finance & Risk Consultant/ Owner Pecunia Treasury & Finance BV