BCR Publishing

We are the leading provider of news, market intelligence, events and training for the global receivables finance industry.

Working with industry leading organisations, experts, governments and universities, BCR Publications delivers expertise in factoring, receivables and supply chain finance to a global audience.

BCR has long been a beacon of innovation and excellence in the realm of receivables finance, playing an instrumental role in shaping the industry’s international landscape. Through its comprehensive conferences, insightful publications, and thought leadership, BCR has facilitated crucial dialogues and connections among industry professionals, driving forward the development of receivables finance globally.

Follow BCR Publishing

Free passes

For corporate treasurer roles/functions!

ARTICLES

Best read articles of all time – PSD 2: a lot of opportunities but also big challenges (Part II)

| 16-05-2018 | François de Witte |

After having examined the detailed measures of the PSD2 in my first article, in the 2nd part we will examine the impact of PSD 2 on the market. In order to help you read the text we will once more start with a list of abbreviations.

LIST OF ABBREVIATIONS USED IN THIS ARTICLE

2FA : Two-factor authentication
AISP : Account Information Service Provider
API : Application Programming Interface
ASPSP : Account Servicing Payment Service Provider
EBA : European Banking Authority
PISP : Payment Initiation Service Provider
PSD1: Payment Services Directive 2007/64/EC
PSD2 : Revised Payment Services Directive (EU) 2015/2366
PSP : Payment Service Provider
PSU: Payment Service User
RTS : Regulatory Technical Standards (to be issued by the EBA)
SCA : Strong Customer Authentication
TPP : Third Party Provider

Impact on the market

A major implementation journey:

The ASPSP (mostly banks) will have to make large investments in order to comply with the PSD2, in the following fields:

Implementing the infrastructure enabling the application of the PSD2 scheme to the currency transaction in the EU/EEA area, and to the one leg transactions.
Ensuring that they can respond to requests for payment initiation and account information from authorized and registered TPPs (third party providers), who have received the explicit consent of their customer for to this. They will have to develop interfaces that enable third party developers to build applications and services around a bank. Internal banking IT systems might need to be able to cope with huge volumes of requests for information and transactions, more than they were originally designed for.
Ensuring their security meets the requirements of the SCA (strong customer authentication). This will be a big challenge both for the banks and for the other payment service providers).

PSD2 will make significant demands on the IT infrastructures of banks. On the one hand the IT infrastructure has to be able to be interact with applications developed by the TPPs (PISP and AISP). On the other hand, banks have to develop their systems in such a way that they don’t have to do this from scratch every time a TPP approaches them. This will require a very flexible IT architecture. The banks have to have a middleware that can be used by their internal systems, but also by the applications of the PSP’s.

Although PSD2 does not specifically mention the API (Application Programming Interfaces), most technology and finance professionals assume that APIs will be the technological standard used to allow banks to comply with the regulation.

An API is a set of commands, routines, protocols and tools which can be used to develop interfacing programs. APIs define how different applications communicate with each other, making available certain data from a particular program in a way that enables other applications to use that data. Through an API, a third party application can make a request with standardized input towards another application and get that second application to perform an operation and deliver a standardized output back to the first application. For example, approved third parties can access your payment account information if mandated by the user and initiate payment transfer directly.

In this framework, the real challenge is to create standards for the APIs specifying the nomenclature, access protocols and authentication, etc.”. Banks will have to think about how their new API layers interact with their core banking systems and the data models that are implemented alongside this. The EBA (European Banking Authority) will develop RTS (Regulatory Technical Standard) with more detailed requirements regarding the interface between ASPSPs and TPPs. While these are expected to be published early 2017, based on the EBA’s recent draft RTS, the question is whether they will define the interface’s technical specifications.

Emergence of new players and business models

By integrating the role of new third party payment service providers (TPPs) such as the PISP and the AISP, the PSD2 creates a level playing field in the market. Several market experts expect that this will foster innovation and creating new services. For this reason PSD2 should increase competition.

This might lead to a unique open race between traditional players, such as the banks and newcomers for new services and a possible disintermediation of banking services, as illustrated in the figure down below:

Source: Catalyst or threat? The strategic implications of PSD2 for Europe’s banks, by Jörg Sandrock, Alexandra Firnges – http://www.strategyand.pwc.com/reports/catalyst-or-threat

PSD2 is likely to give a boost to the ongoing innovation boom and bring customers more user-friendly services through digital integration. One can expect that the automation, efficiency and competition will also keep the service pricing reasonable. PSD2 will foster improved service offerings to all customer types, especially those operating in the e-commerce area for payment collection. It will enable a simpler management of accounts and transactions. New offerings may also provide deeper integration of ERP functions with financial services, including of their multibank account details under a single portal, and smart dashboards.

PSD2 also enables a simplified processing chain in which the card network can be disintermediated. The payment can be initiated by the PISP directly from the customer’s bank account through an interface with the ASPSP. In this scheme, all interchange fees and acquirer fees as well as all the fees received by the processor and card network could be avoided. The market expects that new PISPs will be able to replace partly the transactions of the classic card schemes. A large internet retailer could for example ask permission to the consumers permitting direct account access for payment. They could propose incentive to encourage customers do so. Once permission is granted then the third-parties could bypass existing card schemes and push payments directly to their own accounts.

On the reporting side, the AISP can aggregate consumer financial data and provide consumers with direct money management services. They can be used as multi-bank online electronic banking channel. One can easily imagine that these services will be able to disintermediate existing financial services providers to identify consumer requirements and directly offer them additional products, such as loans and mortgages.

The PSD2 is for banks a compliance subject, but also an opportunity to develop their next generation digital strategy. New TPPs can provide their innovative service offerings and agility to adopt new technologies, enabling to create winning payments propositions for the customer. In turn, traditional players like banks can bring their large customer bases, their reach and credibility. Banks have also broad and deep proven data handling and holding capabilities. This can create winning payments propositions for the customer, the bank and the TPP.

Banks will have to decide whether to merely stick to a compliance approach, or to leverage on the PSD2 to develop these new services. The second approach will require to leave behind the rigid legacy structures and to change their mindset to ensure quicker adaption to the dynamic customer and market conditions. A first mover strategy can prove to be beneficial. Consumers and businesses will be confronted with the increased complexity linked to the multitude of disparate offerings. There also, the incumbent banks who will develop new services can bring added value as trusted partners

Essentially, PSD2 drives down the barriers to entry for new competitors in the banking industry and gives new service providers the potential to attack the banks and disintermediate in one of their primary customer contact points. New players backed by strong investors are ready to give incumbents a serious run for their business. This is an important battle that the incumbent banks are not willing to lose.

The biggest potential benefits will be for the customers, who can access new value propositions, services and solutions that result from banks and new entrants combining their individual strengths or from banks becoming more innovative in the face of increased competition. Market experts also foresee an increased use of online shopping and e-procurement.

Several challenges to overcome

The PSD2 will be transposed in the national legal system of all the member countries. The involved market participants will have to examine the local legislation of their country of incorporation, as there might be some country-based deviations.

The authentication procedure is also an important hot topic. PISPs and AISPs can rely on the authentication procedures provided by the ASPSP (e.g. the banks) to the customer but there are customer protection rules in place. Hence, they must ensure that the personalized security credentials are not shared with other parties. They also may not store sensitive payment data, and they are obliged to identify themselves to the ASPSP each time a payment is initiated or data is exchanged.

ASPSPs are required according to PS2 to treat payment orders and data requests transmitted via a PISP or AISP “without any discrimination other than for objective reasons”. A practical consequence for credit institutions will be that they must carry out risk assessments prior to granting payment institutions access – taking into account settlement risk, operational risk and business risk. One of the main issue is the handling of the customer’s bank credentials by third party payment service providers. The bank needs to be able to perform strong authentication to ensure that the authorized account user is behind the initiation message

There are concerns about security aspects related to PSD2. An example hereof is the secure authentication. All the PSPs will have to ensure that they can demonstrate compliance with the new security requirements. How it will be achieved and monitored ? How will TPPs interact with banks, since there is no need for a contract to be signed?

If something does not work correctly, there will also be discussions on the liability side. The PSD2 states that the TPP has to reimburse customers quickly enough that they are not bearing undue risk, but one will have to determine which TPP had the problem and work with them to resolve it. This will require further clarifications from the regulators.

In addition the PISP and the AISP vulnerable for to potential frauds. Web and mobile applications could become easy target for cybercriminals for various reasons, including the inherent vulnerabilities in the APIs that transfer data and communicate with back-end systems. The openness of the web could allow hackers to view source code and data and learn how to attack it. APIs have been compromised in several high-profile attacks that have caused significant losses and embarrassment for well-known players and their customers. The PSD2’s ‘access to account’ increases not only the number of APIs, but adds layers of complexity to the online banking/payments environment, adding to the risk of fraudulent attacks.

The market is waiting for the RTS (Regulatory Technical Standards) to give guidance on how some remaining security issues will be solved. These include:

Treatment of PSU’s (payment service user)security credentials
Requirements for secure communication between the PSP and banks
Full details and definition of strong authentication
Safety of the PSU funds and personal data
Availability of license registry for real-time identification of the PSP (PISP or AISP)

It is important that the required clarifications are published soon, in order to avoid a time lag between the implementation of PSD 2 in the national legislations and the real move in the market.

Conclusion

The PSD2 creates challenges, such as the huge investments to be made by the banks, compliance issues and protection against fraud and cybercrime. However several topics need to be clarified such as the RTS and the market players need also to agree on common standards for the interfaces. The clock is ticking in the PSD race.

Traditional players such as the banks appear to have a competitive disadvantage vis-à-vis the new emerging third party payment service providers. However, the Directive opens up new forms of a collaborative approach that can overcome this. New players can provide their innovation and resilience, whilst banks can add value thanks to their large customer base, credibility, reach and ability to cope with high volumes.

The biggest potential benefits might be for customers, who will benefit from new value propositions, services and solutions from new entrants, from banks and new entrants combining their individual strengths, or from banks becoming more innovative in the face of increased and agile competition.

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

Best read articles of all time – PSD 2: a lot of opportunities but also big challenges (Part I)

| 15-05-2018 | François de Witte |

The Directive 2015/2366 on payment services in the internal market (hereinafter PSD2) was adopted by the European Parliament on October 8, 2015, and by the European Union (EU) Council of Ministers on November 16, 2015. The PSD2 updates the first EU Payment Services Directive published in 2007 (PSD1), which laid the legal foundation for the creation of an EU-wide single market for payments. PSD2 came into force on January 13, 2016, and is applicable from January 13, 2018 onwards. By that date the member states must have adopted and published the measures necessary to implement it into their national law.

PSD 2

PSD2 will cause important changes in the market and requires a thorough preparation. In this article, we are summarizing the measures and highlighting the impact on the market participants. In today’s Part I we will focus on abbreviations and main measurers introduced by PSD2.

List of abbreviations used in this article

2FA : Two-factor authentication

AISP : Account Information Service Provider

API : Application Programming Interface

ASPSP : Account Servicing Payment Service Provider

EBA : European Banking Authority

EBF : European Banking Federation

EEA : European Economic Area

PISP : Payment Initiation Service Provider

PSD1: Payment Services Directive 2007/64/EC

PSD2 : Revised Payment Services Directive (EU) 2015/2366

PSP : Payment Service Provider

PSU: Payment Service User

RTS : Regulatory Technical Standards (to be issued by the EBA)

SCA : Strong Customer Authentication

TPP : Third Party Provider

Main Measures introduced by PSD2:

The PSD2 expands the reach of PSD1, to the following payments:

Payments in all currencies (beyond EU/EEA), provided that the two PSP (Payment Service Provider) are located in the EU /EEA (two legs)
Payments where at least one PSP (and not both anymore) is located within EU borders for the part of the payment transaction carried out in the EU/EEA (one leg transactions)

A second important measure is the creation of the Third Party Providers (TPP). One of the main aims of the PSD2 is to encourage new players to enter the payment market and to provide their services to the PSU (Payment Service Users). To this end, it creates the obligation for the ASPSP (Account Servicing Payment Service Provider – mainly the banks) to “open up the bank account” to external parties, the so-called, third-party account access. These TPP (Third Party Providers) are divided in two types:

· AISP (Account Information Service Provider) : In order to be authorized, an AISP is required to hold professional indemnity insurance and be registered by their member state and by the EBA. There is no requirement for any initial capital or own funds. The EBA (European Banking Authority) will publish guidelines on conditions to be included in the indemnity insurance (e.g. the minimum sum to be insured), although it is as yet unknown what further conditions insurers will impose.

· PISP (Payment Initiation Service Providers): PISPs are players that can initiate payment transactions. This is an important change, as currently there are not many payment options that can take money from one’s account and send them elsewhere. The minimum requirements for authorization as a PISP are significantly higher. In addition to being registered, a PISP must also be licensed by the competent authority, and it must have an initial and on-going minimum capital of EUR 50,000.

Banks will have to implement interfaces, so they can interact with the AISPs and PISPs. However, payment initiation service providers will only be able to receive information from the payer’s bank on the availability of the funds on the account which results in a simple yes or no answer before initiating the payment, with the explicit consent of the payer. Account information service providers will only receive the information explicitly consented by the payer and only to the extent the information is necessary for the service provided to the payer. This compliance with PSD2 is mandatory and all banks will have to make changes to their infrastructure deployments.

A third important change is the obligation for the Payment Service Providers to place the SCA (Strong Customer Authentication) for electronic payment transactions based in at least 2 different sources (2FA: Two-factor authentication) :

Something which only the client knows (e.g. password)
A device (e.g. card reader, authentication code generating device, token)
Inherence (e.g. fingerprint or voice recognition)

The EBA (European Banking Authority will provide further guidance on this notion in a later stage. It remains to be seen whether the current bank card with pin code is sufficient to qualify as “strong customer authentication”. This “strong customer authentication” needs to take place with every payment transaction. EBA will also be able to provide exemptions based on the risk/amount/recurrence/payment channel involved in the payment service (e.g. for paying the toll on the motorway or the parking).

PSD2 also introduces some other measures:

Retailers will be authorized to ask to the consumers for permission to use their contact details, so as to receive the payment directly from the bank without intermediaries
There will be a ban on surcharges on card payments
There will be new limitations on the customer liability for unauthorized payment transactions

In a second article soon to be published on treasuryXL, François de Witte will focus on the impact PSD2 has on market participants.

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

[button url=”https://www.treasuryxl.com/community/experts/francois-de-witte/” text=”View expert profile” size=”small” type=”primary” icon=”” external=”1″]

[separator type=”” size=”” icon=””]

Best read articles of all time – FX Swaps vs Libor and EURIBOR: Arbitrage opportunities?

| 10-05-2018 | Rob Söentken |

As we are getting closer to the end of the month, end of Q2 and end of H1 of 2016, it is interesting to see financial markets are maneuvering to get the right liquidity on board for the balance sheet. Or get rid of the unwanted liquidity. For firms with liquidity in various currencies the best means for liquidity management is FX swaps.

What is an FX swap?

In a very simple definition the FX swap is like an exchange of deposits. The big advantage is that the counterparty risk is reduced due to the exchange of notional. Operationally an FX swap is booked as two FX transactions: one to convert and another to revert. The conversion rate is against the prevailing exchange rate. The reversion rate is against the conversion rate plus or minus some ‘swap points’, which reflect the interest rate differential between the respective currencies. During the tenor the exchange rate could change, which creates counterparty risk on the mark-to-market value of the reversion. Mark-to-market risk for tenors up to 1 year is still a small when compared to full notional risk.

How would an FX swap work in theory?

In diagram 1 the Libor and Euribor fixings for USD and EUR are listed for the respective tenors. Now if we would consider exchanging a USD deposit versus a EUR deposit for 1 year the cash flows would be as follows:
For the conversion date we take value spot (ie 2 days, in this case that is per June 30^th) and we agree to exchange EUR 1 Mio vs USD 1.1048 Mio (because EUR 1 Mio at current spot of 1.1048 is USD 1.1048 Mio)

For the reversion date we take the value date for 1 year from today’s spot date. We calculate the following amounts including interest:

EUR 1 Mio x (1 + -0.05% x 365 / 360) = EUR 999,493.06

USD 1.1048 Mio x (1 + 1.20% x 365 / 360) = USD 1,118,241.73

Dividing the USD amount by the EUR amount gives the exchange rate for the reversion on the forward date, in this case that is 1.1188089. This is called the ‘forward rate’ The difference to the spot exchange rate is 0.0140089. For simplicity reasons this is multiplied by 10,000 to 140.089. This reflects the interest differential.

When executing an FX swap the EUR amounts are kept constant for both the spot and forward dates. But the USD amounts are calculated using the spot and forward exchange rates as calculated above. Therefor the interest differential is reflected in the USD amount being different between spot and forward date.

How does it work in reality?

As I mentioned at the beginning of this article, the current situation is special because we are getting close to a date special and important for balance sheet reporting. Supply and demand may push the market in a direction.

When looking at the actual FX swap rates and taking the EUR Euribor fixings as given, we can deduce the implied USD funding rates (see diagram 2). First observation is that the FX swaps appear to reflect either a substantial demand for USD from June 30^th to July 1^st, or a EUR supply. It is interesting to see that the 1 week fixing for EUR was not affected, while the 1 week FX swap was affected maybe 20 bppa. One reason could be the timing of the rates. Euribor is taken at one moment during the day, while FX swaps are affected by events during the day. Because we are looking at a single day FX swap, the annualized rate could swing a lot.

Another observation is that the interest rate differential between EUR and USD is actually bigger than implied by the fixings. For one month tenor the difference is 0.59% p.a.. It would seem possible that supply – demand forces can push FX swaps away from the deposit markets. Likely the counterparty limit constraints on pure deposits keep them from being arbitrages vs FX swaps, like they used to be many years ago.

How can a treasurer benefit from FX swaps?

Each individual and organization should determine for itself what he/she or it needs. And I do not want abstract from discussions around documentation requirements, collateral financing and administration, and the operational extra work. It seems obvious that there are opportunities to investigate.

One key area would be to look at the bid-offer spreads on cash liquidity in various currencies as provided by house-banks and compare those rates with and without using FX swaps. Also I could imagine non-house banks could be more competitive in providing FX swaps, while the counterparty risk is substantially smaller than when pure lending is concerned.

Rob Söentken

Ex-derivatives trader