The second edition of the Payment Services Directive (PSD2) obliges banks in the EU, among other things, to grant third parties access to bank accounts. „The EU’s PSD2 regulation does not apply to Switzerland. Switzerland relies on market economy solutions. There is no need for PSD2 analogue regulation.”, says The Swiss Bankers Association (SBA).
Swiss banking does not intend to open their customer interface to third-party providers starting next year. In Switzerland, Hypothekarbank Lenzburg and Postfinance proclaimed to be open toward an adoption of the EU rule on open banking. Most rivals however remained highly skeptical.
Nevertheless, discussions are also taking place in Switzerland about whether a PSD2-equivalent regulation should be introduced. In Switzerland, the banks already grant third party providers access to accounts and open the customer interface if this is in the mutual interest of the bank and the customer. There is, however, no legal obligation for the banks to do so. Switzerland is therefore pursuing market-based solutions.
The Swiss Bankers Association (SBA) rejects the introduction of regulation analogous to PSD2 or a legally imposed opening of access rights to third parties for the following reasons:
. In Switzerland, regulation analogous to PSD2 is unnecessary because there is no action required in this area, competition is functioning effectively and the banks already (irrespective of PSD2) offer a large number of innovative solutions. A regulatory obligation to open interfaces would be an unnecessary intervention in what is a functioning market and would result in competitive distortion to the disadvantage of the banks.
. The issue of customer data security plays a key role in electronic banking. The highest level of security can only be guaranteed if customers and banks cooperate. A forced opening by the state is dangerous because bank-specific security principles are not fully addressed and this creates security gaps.
. Additional efforts and costs would arise for financial institutions in the areas of security infrastructure and compliance, which in the end would have to be paid for by the customer.
A one-sided opening of access rights for third parties as required within the EU under PSD2 is an experiment at the expense of bank customers that creates dangerous confusion and undermines the customer’s data security.
An economic experiment at the expense of security and data protection
Customers are entitled to a high level of security in electronic and mobile banking. A forced opening of interfaces by the government, however, holds great risks in terms of security. For example, the question arises as to whether the payment initiation service providers should receive full access to electronic bank accounts. If so, this would mean that these service providers would also have access to all the bank and securities accounts tied to the customer relationship. This would be akin to handing over a blank cheque together with all of the customer’s account statements.
The third party provider would have information about all the assets held, as well as access to the entire spectrum of incoming and outgoing payments such as rent and salary, insurance and health insurance payments, and mobile phone providers. In addition, it would become increasingly difficult for customers to understand what is happening with their data, where it is being saved and what their rights are. The consequences of the forced opening of bank accounts are difficult for customers to gauge.
PSD2 will not first and foremost be helpful to European, never mind Swiss startups. Instead, it will play into the hands of the global tech giants. They can aggregate customer data on their widespread platforms. This means that PSD2 misses its target.
The Swiss tradition of voluntary investments in the future represent an alternative approach: the Swiss banks are investing in fintech solutions and to this end work closely together with startups and service providers of all kinds. The Swiss banks are therefore – irrespective of PSD2 – working on developing possible applications themselves, or with partners and fintech companies, in order to increase customer value through innovative solutions.
Market-based solutions in Switzerland even without PSD2
. Banks can already open their customer interfaces if it is in the interests of the bank and the customer.
. Switzerland is not obliged to implement PSD2 (directly or indirectly) as it is neither a member of the EU, nor of the EEA, and there is also no corresponding commitment in the bilateral agreements with the EU.
. Swiss banks already offer a large number of innovative payment and wealth management solutions without any regulatory obligation to do so. Examples thereof include:
1) Using e-banking, the e-invoice function allows for pre-entered invoices to be reviewed and paid electronically. E-invoices are very secure because the invoice issuer is authenticated by the bank, which is not the case for paper invoices.
2) Starting in 2019, payment slips will feature a QR code containing all payment information. This is an innovation that builds an ideal bridge between the old, paper-based world and the new digital world.
3) There are a number of examples in the market of successful partnerships focussed on secure, standardised interfaces. For example the automatic exchange of information between e-banking and accounting programmes.
4) Payment app TWINT: already gives the customer the possibility to make P2P, e-commerce and POS payments securely and comfortably, directly from their accounts.
„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”