Tijdens het Webinar Fintech op 26 november sprak Inge van Dijk - divisiedirecteur bij DNB - over ontwikkelingen op het gebied van PSD2 en Open Banking.
I am glad I have the opportunity to speak to you all today. Online, as is the custom these days. The pandemic, apart from its downsides, certainly also spurred our creativity, bringing new solutions to the table for all sorts of problems. Problems we had not imagined we would have. Problems we have solved, such as additional hospital beds, vaccination streets, all sorts of services to go, working & learning from home massively, and hopefully soon, a good vaccin.. We have a mixed crowd here today, who does this everyday: creating new solutions Fintechs, start-ups, scale-ups, schemes, consultants and banks of all shapes and sizes. Good that you are all here. I imagine for some of you, contact with a central bank and regulator may feel a bit like a culture shock. Like two different worlds. I can certainly relate to that. Up till a few months ago, I was working for the start-up of bank. I believe it is possible to bring these two worlds together. Even more so, it is imperative that we come together on a regular basis. To understand each other. And that is exactly the purpose of this meeting is. And a memorable meeting it has become: our 5th anniversary, and fully digital. So without further ado, let’s get started.
As you know, the pace of innovation is accelerating. Change has always been a key constant in the payments market. Just think about all the different new payment methods. Instant payments, contactless payments, QR code payments, mobile payments, Request to pay payments, for consumers and for businesses. It makes me wonder whether the next generation, children born today, will even know what a banknote is. The drivers behind innovation are as we all know, technological development, changing consumer preferences, and of course upcoming regulation. We will talk about the latter in a minute.
Let me briefly reflect on what PSD2 has brought us so far and where we see room for improvement. What have we learned, also considering the upcoming next steps in European payments regulation? As you Know: PSD2 facilitates access to payment accounts held with banks. As a result companies can provide payment initiation and account information services building on that access. The supply and uptake of these type of services has so far been, let’s say a bit tentative. One of the reasons for this is that many consumers are still reluctant to share payment data with third parties. I’ll come back to this later.
Let me first give you a few figures to outline the current situation. We have granted 18 licences in The Netherlands. This number also includes parties who have had their licences expanded so they can provide services under PSD2. In addition, there are 14 pending applications. Almost all banks now also offer account information services to their own clients. 140 payment service providers with a licence obtained in other EU Member States have been granted passporting rights to provide these new services also here, in The Netherlands.. All in all, however, we can conclude that the PSD2 market is still in its infancy. The new service providers have a wide range of business models. Ranging from personal finance management tools; to micro-investment platforms; automated invoicing accounting for small businesses; from payment platforms; to credit loan rating of consumers and businesses. Banks have an obligation under PSD2 to grant licenced third parties access to payment accounts. However, it is still not easy for these parties to enter the market. A key reason for this is that banks use different standards for their API’s, which cater for secure access to customers' payment account. And this in turn raises the costs and therefore the bar when introducing new services. We already see many different API’s within the Netherlands, and an even wider variety within Europe. So much for the passport, which provides a legal basis to provide services, but doesn’t solve this key issue. If we want to make it easier for new entrants to roll out their services, we have to set standards to make API’s more uniform. That’s far from easy, but at DNB we are calling on the European Banking Authority to push for this to happen. It will take some time before it does, but fortunately there will always be innovators to jump in, filling the gaps and making a business out of harmonizing API’s, so that at least the costs are ‘shared’ so to speak.
In terms of data sharing, not much has been happening since PSD2. We all recognize the enormous potential of the free use of data for the innovation of products, services and processes. This applies not only to payment data, but also to other financial data such as investment information, loans and mortgages. And it also applies to non-financial data, such as telecoms data, energy consumption data, location data and so on. Innovative market parties can offer new financial services that meet future customer demand making smart use of their customer’s data – provided of course that their explicit consent has been given first.
So yes, development towards Open Banking and Open Data is becoming increasingly important. That is why I am very pleased with the Digital Finance Package that the European Commission published at the end of last month. A package consisting of several pieces of legislation, that can give a real boost to innovation. For example, it will contain a legislative proposal on regulating Open Finance and Open Data in mid ‘22. Just as with PSD2, the person concerned will still retain control of his or her data. This means that the data can be shared with a third party only after the explicit consent. This could for example further improve personal finance management tools. Because in addition to payment data, data on savings, investments, mortgages, pensions, etcetera can now also be extracted and used. We can draw important lessons from our experiences with PSD2, to allow for more far-reaching forms of Open Finance and Open Data.
A first lesson relates to trust. Customers must have sufficient trust in the parties wanting to use their data. Research done at the Dutch Central Bank demonstrates this. In the first year that PSD2 was in force, 1 in 4 customers in the Netherlands gave consent for their payment data to be used. In most cases they gave their consent to banks. Even today, willingness to give consent to use payment data in exchange for new services remains limited. Half of customers say they only want to share this data with their own banks, while an even smaller proportion may share it with non-banks. The main reason is a lack of confidence that the data will be used securely.
The second lesson is that organisations that have data should share it with other businesses in a uniform efficient manner. With PSD2, the market is already moving cautiously towards more standardisation. As said this may take time. Is there an alternative approach? One that is more effective? On introducing Open Finance, one consideration could be to offer the businesses that currently sit on the data the opportunity to charge a price for opening up. This is not currently the case under PSD2. It may encourage more third-party access, as there will be a financial gain in facilitating access, or at minimum a cost recovery. It also an incentive to continue investing in the access infrastructure. And if businesses sharing data can charge third parties a fee for this, then there is a clearer justification for passing these costs on to the end-customers. Something to consider. The third lesson is the need for more intensive co-operation between regulators and supervisors at national and at European level. It is key to properly balance the different public interests involved in data sharing, and to coordinate regulation and supervision. As far as PSD2 is concerned, there is room for improvement at European level. In the Netherlands, the 4 most important supervisory authorities are De Nederlandsche Bank, the Dutch Data Protection Authority, the Authority for the Financial Markets and the Authority for Consumers and Markets have regular consultations, through the PSD2 Task Force, mainly on supervisory interfaces.
Such intensive cooperation could also be promoted at the European level, in the context of PSD2, but also in connection with the new regulations on Open Finance and Open Data, and whatever will be next. As said, the customer’s trust is the key success factor in maintaining confidence in all types of payments and likewise in all data sharing. Take the recent wave of spoofing, where cybercriminals pose as banks in order to obtain account details and steal funds. This undermines confidence in the payments sector as whole. Supervisors, banks, non-banks, payment providers and the government must join forces to address spoofing and similar and future types of fraud. I hereby challenge you, creative minds, to think of a solution to this problem that is posing a real trust threat, and submit it to us. Trust is also based on good cyber security. In this regard, I look forward with interest to DORA. DORA stands for the Digital Operational Resilience Act and is part of the EC’s Digital Finance Package. The European Commission intends to use DORA to regulate a number of matters. For example, large financial institutions will be obliged to carry out advanced hacking tests. We started the TIBER programme several years ago doing exactly that. Currently well over 30 major financial institutions (banks, pension funds, insurance companies) here in The Netherlands are participating, being hacked regularly and on purpose, to identify weak spots and further improve their cyber resistance. Today, this is done on a voluntary basis. Under DORA, this will become mandatory. In addition, there will be enhanced supervision of outsourcing at financial institutions. Mainly to be achieved by tightening outsourcing rules. Finally, third parties critical to the functioning of large financial institutions will also be placed under some form of supervision. Consider for example major firms that offer cloud computing services. We have all been privy to how important their services are, especially these days. I wholeheartedly support these developments on Open Data, Open Finance and Dora As central banks we must monitor each step in the payment value chain where potentially major risks can arise. We provide guidance on the one hand, and instruction where necessary on the other hand.
Moving on to the 3rd and another interesting part of the Digital Finance Package: the Retail Payments Strategy. In this strategy, the Commission strives for the wide adoption of instant payments at European level, something we are more than familiar with already in our country,. Here instant payments is already the new normal and we see new innovative services build on top of this efficient infrastructure almost every day. Some member states are equally far, like Spain, or close to follow like Belgium, but most still need to embrace its potential. And we understand the difficult choice, for it does not come cheap. The strategy also outlines the creation of pan-European payment solutions -originating in Europe let’s be perfectly clear about that - that can be used at the point of sale, both online and offline i.e. at stores etc..
Take the European Payments Initiative (EPI), a market initiative we fully support, which has great potential and can reduce Europe's dependence on large global - non-European – market players and bigtechs. At the central bank, and this may come as a surprise to you, we are also very much capable of innovation! We have been working agile for years now, when implementing key settlement and collateral systems, heavily in use by financial institutions. Kanban boards and Scrum masters are also found with the Dutch Central Bank. And we most certainly also have our Data Sciences Hub, using AI, exploring new techniques. But that is not what I am alluding to. As most of you will be aware, we are working together as central banks, under the umbrella of the ECB, on the design of a digital euro. We believe a digital euro may well be needed, as a complement to cash, not a substitution. A digital euro would grant citizens across the euro area free access to a simple, universally accepted, safe and trusted digital means of payment. To make sure public money remains accessible in the future.
This is even more in demand now that cash use is declining further, currently at a little over 20%. And not just in our country. We hear similar drops from other countries. Therefore, it is key that a public form of money remains available. The interchangeability between private and public money is one of the corner stones for confidence in - and the resilience of - our monetary system. At DNB, we have announced our intention to play a pioneering role with regard to the digital euro. We are actively involved in the ECB program, working on technical experiments (not for the public) and consulting the market. By mid-2021, a decision will be made whether or not to launch a digital euro project across Europe. Chances are that this will be the case. It is clear that private parties will play a large role in bringing the digital euro to the market, as you are the window to the citizens. It simply is not possible without market, without you. Digitisation of payment services, the decline in cash, instant payments, the rise of digital currencies, an upcoming digital euro… Developments are taking place at incredible speed. But can all citizens keep up? Not everyone is as digi-adept as you all are. My uncle of 87 is better at social media and mobile payments than my husband of 57, whereas my dad of 90 still uses the acceptgiro. My son of 16 on the other hand can’t remember a time without smart phones. I am sure you all have similar family members. Let’s keep them in mind, and give all of them time to adapt and/or support them with easy safe solutions. We must make sure that vulnerable groups, not just the elderly and disabled, but digi-dyslects and the less fortunate, will continue to be able to make payments just like everybody else. Some rely heavily on cash and we must ensure that cash remains available and continues to be accepted everywhere. On our end we will do our utmost to ensure that cash remains accessible and is organized as efficiently as possible. This will enable all Dutch citizens to continue to participate in our financial eco-system. One thing is for sure: change is constant, certainly in payments. Never a dull moment.
Whatever the next few years may bring us, from our end we will continue to foster innovation. It leads to better and safer customer propositions, stimulates competition and improves accessibility for the public. As central bank and regulator, we want to create as much room as possible for innovation provided of course that payments and data remain safe, reliable and accessible. And that financial stability is guaranteed. That is what we will have to safeguard. I, for one, hope, no I expect we can count on your help and your creativity in this journey to a new world. And please surprise me, surprise us all, with what is next in payments!
Thank you for your attention.
Op 13 september 2019 veranderde er iets fundamenteels in bankenland: vanaf toen waren de traditioneel gesloten banken verplicht om – mits de klant daarvoor toestemming geeft...