European Credit Sector Associations (ECSAs) and Third Party Provider associations have formulated a Joint Statement on PSD2 rules applicable on 14 September 2019, and Ralf Ohlhausen (photo), Vice-Chairman of ETPPA has commented on this.
„I am very glad that we managed to agree some common ground between banks and third party providers (TPPs) as published today in our Joint Statement. Clearly, both sides support the aims of PSD2, which is the regulatory foundation for innovation, development and cooperation across the payments industry in Europe.
However, the deadline for the legal implementation of the RTS on SCA & CSC is now fast approaching, and we still have to get over some hurdles between now and then. The successful implementation of PSD2 and the RTS is a pre-requisite to go further on our way to Open Finance and Open Data. It would be a disaster if instead we would experience any of the customer detriments, which many TPPs are still foreseeing at the moment.
Millions of consumers, merchants and corporates are using TPP services across Europe and have done so for more than a decade in many countries. These are often very sophisticated services, mostly running automatically in the background to deliver value-added services in the form of personal finance management apps, e-commerce payments or bookkeeping software to just name a few.
Migrating these services onto APIs which shall be the default route from 14th September to access the underlying account data is a huge effort for most TPPs. From 14th March, TPPs should have been able to to do this and test their software, but unfortunately, we didn’t see many such sandbox environments and those which were there, where not really usable and had most functionality missing. So instead, TPPs were used to beta test the new bank APIs and so far, the feedback is not very positive. To be fair, it has taken almost 2 years in the UK to get there, which shows that this is not an easy task.
On 14th June, all the APIs should have been in production, allowing TPPs to do their first live transactions and start migrating their customer base. In reality, many APIs were not yet in production mode, the required eIDAS certificates to use them were not available and even the few really live APIs, where missing all sorts of functionality and thereby creating obstacles for migrating the TPP services, without losing much of their purpose.
So we are facing a cliff-edge on 14th September, unless we take action now and put the necessary elements into place to avoid it. First, this requires the closest possible communication and cooperation with the banks. Second, a common willingness to ensure the continuity of existing TPP services without customer detriment and third, a joint call upon the national regulators to do the necessary and maximum possible from their side as well. This is what we agreed with the banks today.
From here on, we must now persuade the regulators and the banks that the elements defined and requested by ETPPA are essential to ensure this service continuity and that the necessary contingency measures are put into place, namely 1) the technical ability to use the TPP’s current practice for contingency if required, 2) enabling TPP’s to identify themselves as stipulated, 3) coordinate the introduction of SCA, which requires a similar flexibility recently granted to the card schemes, and 4) allowing TPPs to handle the SCA for the required 90-day renewal of customer consent.
About the author
Ralf Ohlhausen is Executive Advisor at PPRO and Vice-Chairman of ETPPA. With an MSc in Mathematics and Master of Telecommunications Business, he has over 25 years’ experience in ecommerce, financial services, mobile telecoms and IT. Ralf is responsible for expanding the company’s portfolio and global reach, as well as developing new business areas and partnerships.
„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”