Fintech groups are ready to swoop into a market long dominated by banks © FT montage
From Saturday, many of Europe’s banks must start allowing third parties — such as retailers, technology groups and rival lenders — to access the accounts of any customers who authorise it. The change has prompted forecasts of the biggest shake-up in retail banking since the ATM was invented 50 years ago.
For Mr Bjerke, who has run Norway’s biggest bank for more than a decade, the full scale of the challenge created by the introduction of the new EU rules only became clear after he visited China with his top management team a couple of years ago.
He says that meeting Alibaba and Tencent and seeing how quickly the technology groups had become dominant operators in China’s $5.5tn payments industry made him recognise how serious the risk was of a US tech titan such as Facebook swooping into DNB’s market.
This threat is coming into closer focus for European banks this weekend when the EU’s second payment services directive (PSD2) comes into force across most of the continent, opening the door for tech-savvy rivals to pounce into the sector.
“It is becoming a global competition, with Facebook, Google and Amazon as well as smaller fintechs competing with bits and pieces of the banking industry,” Mr Bjerke says. “With PSD2 we will be attacked even more by these fintechs and international players.”
As well as opening up access to customers’ information, such as bank statements and account balances, the new regulation will also allow other companies to initiate payments directly from customers’ accounts.
“This is the biggest regulatory change in my career from a scale perspective — it is a very significant technical lift — as it puts customers in control of their data,” says Catherine McGrath, a managing director at Barclays.
The UK has a head start in implementing “open banking” rules after its competition regulator seized on the idea as a way to improve competition in retail banking by forcing the nine biggest British lenders to open up their data.
Eight of the nine UK banks will be in varying states of readiness by the end of the six-week launch period, before which new services will be trialled only by staff of banks and third parties. Bank of Ireland is the only one that will definitely not be ready; it has to overhaul its technology to mesh it with the UK’s standardised access model.
Third party companies must be authorised by the Financial Conduct Authority, which by Saturday expects to grant permissions to 12 of the 40 companies that have already applied.
“All banks do is really data, so when you open that data up to third parties it allows for the first time a separation between the person that manages the customer relationship and the person that provides the balance sheet services,” Antony Jenkins, the former Barclays chief executive who has reinvented himself as a fintech entrepreneur, says in a video interview.
“The winners in this are going to be the people who can take that data from multiple financial institutions, combine it with other data sources and add value back to the customer,” says Mr Jenkins, who founded 10x Future Technologies to help banks manage their data better.
The changes are expected to prompt the launch of apps aggregating all of a person’s financial information from multiple banks. In future these could help consumers to compare how much they spend on items such as electricity bills with other people like them.
Christoph Rieche, founder of online lender Iwoca, forecasts competition in small business lending will be transformed by fintechs gaining easier access to much of the same data that banks have, allowing them to “compete head-on with banks on more of a level playing field”.
Retailers are also set to launch new services, according to Accenture’s Jeremy Light. He expects that supermarkets will soon have apps that let customers see their bank balance, receive offers and pay for produce using their mobile phones as they walk round a store.
However, consumers on the European continent will have to wait longer for such changes. Some countries, such as Belgium, the Netherlands and Poland, will not transpose PSD2 into law for months. Even then, most banks will have until 2019 to fully comply.
EU officials remain convinced they will transform the sector. “Gone are the fees that consumers have to stomach just to use credit cards online and in shops, saving them €500m a year,” says Valdis Dombrovskis, the EU commission vice-president responsible for the plans.
If payments shift from debit and credit card networks to a direct account-access model it will cut the vast fees earned by banks as well as by Visa and MasterCard. Many banks have already anticipated the change, creating free direct-access payment apps of their own, as DNB has done with Vipps in Norway and ING has with Payconiq in Belgium.
“For too long banks have existed in an environment without competition,” says Olle Ludvigsson, a member of the European Parliament who worked on the new law. He says MEPs had resisted proposals from EU banking regulators that would have let lenders frustrate fintechs by stopping them from using customers’ usernames and passwords to access accounts directly via “screen-scraping” techniques.
“Not a lot of parties will be ready on Saturday — it will be a gradual implementation over the next 18 months,” says Eric Tak, the global head of the payments centre at ING. “How well banks deliver new services to their customers in that time will be a huge factor in deciding how much they are disintermediated.”
Fintechs have to convince consumers on data
The commercial rationale for fintechs, large tech companies and even banks to increase data-sharing is clear. But for customers the picture is perhaps more nuanced. The prospect of having bespoke budgeting advice and more convenient payment services must be balanced against fraud risks and data-privacy concerns.
“It’s a concern, and naturally there will be nervousness about sharing financial information,” says Gareth Shaw, a money expert at Which?, the consumer group. “You don’t have to participate — you don’t have to give your consent — but you do need to be aware that there is a value exchange when you give a third party access to your data.”
Separate and strict EU laws around data protection that come in later in 2018, known as GDPR, should assuage some concerns. The UK Treasury and the FCA have also made it clear that third parties must make it clear to what customers are consenting and whether they intend to share that data with other parties. If anything goes wrong and a customer loses money, the rules require banks to compensate them.
There is then the question of how many people can be persuaded to share their highly sensitive bank details. A recent survey of 2,000 Britons by Experian showed that about 22 per cent do so willingly, without reading terms and conditions. Another 9 per cent want to remain staunchly incognito.
Seven out of 10 people say they are more accepting but cautious about the need to share their information. This suggests fintechs will have to make a compelling pitch to convince most consumers to open up access to their financial data.
This post originally appeared on Financial Times