Photographer: Stefan Wermuth/Bloomberg

Why This EU Law Could Bust Open Retail Banking: QuickTake Q&A


It sounds like yet another arcane regulation from Brussels technocrats. But the revised Payment Services Directive, a European Union law adopted in 2015 and that begins to take effect in January, is nothing of the sort. PSD2, the less-than-catchy title for such landmark legislation, will force banks to share oceans of financial information about their customers with fintech upstarts and other rivals. It could revolutionize how more than 500 million Europeans spend, borrow and invest. For lenders, which have long considered customer data a proprietary asset, life may never be the same.

1. What does PSD2 require?

European Union banks must provide legitimate, outside firms access to customer accounts  -- if an account holder gives consent. That means banks must send their customers’ data to fintech firms or, if the customer wishes, to the likes of Inc. and Apple Inc., which have their own digital payment services. To quicken the flow of information, PSD2 also requires banks to establish standardized digital connections with other companies.

2. Why is this happening?

The EU has been frustrated by the dominance of its big banks and the high fees they charge. By forcing them to share their customers and data, the EU hopes competitors will offer consumers new products and better service -- at lower cost.

3. What’s the biggest change for consumers?

PSD2 establishes that account holders’ financial data belongs to them, not their banks. And that means they can share it with whichever outside financial company they choose, as long as the company is legitimate.

4. Don’t EU consumers already use apps for payments?

True, they have myriad apps at their fingertips for paying bills and transferring money between countries, and big banks don’t appear to be impeding such transactions. But under PSD2, the collaboration between traditional lenders and such fintech services as TransferWise or ApplePay will be mandatory, not optional.

5. How does that make a difference?

If you download, say, the hot new British app called Osper, which lets parents set up payment cards for teens, your bank won’t be able to cite its own internal policies to block the app from transferring money from your checking account to a third party. Moreover, if you grant Osper permission, your lender will have to share records of all your transactions. That way, Osper’s product development team can offer you additional services, such as a savings plan for your children’s college tuition.

6. How do banks feel about this?

Industry groups, including the influential European Banking Association, back the law because they want to show their customers that they welcome digital innovation. Yet some executives are concerned that opening their banks up to outsiders will compromise the security of their customers’ financial information. Bankers are also unhappy about being required to help fintech rivals that want to poach their customers.

7. Will this jeopardize consumer data?

The law is designed to prevent that. In January, banks won’t suddenly release fire hoses of information. National banking regulators and industry leaders still must write industry standards for how banks will share -- and secure -- data. Banks also must provide "application program interfaces," or APIs, to outside firms. These software protocols and tools will enable other companies to plug into bank systems and tailor services for their customers.

8. So how long will all this take to unfold?

Quite awhile, most likely. The U.K., a longtime proponent of banking competition that is hewing to PSD2 despite Brexit, is on track to complete its standards process by early next year. But other countries may take two to three years to finish. Until they do, the market will probably behave the same way it does now, with banks connecting to fintech firms on an ad hoc basis.

9. Will this mean the end of retail banking as we know it?

It might in Europe, at least. For decades, many EU lenders aspired to be so-called universal banks that controlled virtually every aspect of their customers’ financial lives. Their clients used bank-issued debit and credit cards, sent money overseas via their lender’s network, and paid their bills electronically through their bank’s website. Now that model is under pressure as consumers and businesses are inundated with digital alternatives that are faster, cheaper and easier to use. Left to its own devices, the market would probably continue driving this trend. With PSD2, the transformation from one-stop shop to a platform that hosts many different providers, like a mall, is being sped up.

10. Does the U.S. have anything similar?

No, but the payments business is as tumultuous in the U.S. as in the EU. Amazon and PayPal Holdings Inc. are using their payment services as springboards for offering working capital loans to small businesses. Facebook Inc. enables customers to send payments via its messenger app. And in September, Square, the San Francisco-based payment processing firm, applied for a lending license to offer banking services to small businesses. The Independent Community Bankers of America, a trade group of 5,700 institutions, opposed the application. It argues that Square would have an unfair competitive advantage because it doesn’t have to comply with the same supervisory and financial requirements as deposit-taking institutions. As tech firms venture deeper into traditional lending territory, you can bet there will be more such clashes.

The Reference Shelf

  • Bloomberg reported on how concerned European banking leaders are about data sharing under PSD2.
  • The European Banking Authority’s website provides extensive details on PSD2.
  • Bloomberg’s QuickTake on fintech and its impact on the financial services industry.
    Before it's here, it's on the Bloomberg Terminal.