The European Banking Authority (EBA) has proposed that the next Payment Services Directive introduce a common API standard. However, TrueLayer’s public policy chief, speaking during a VIXIO webinar, says there are other options to improve current market problems.
A single API standard is on the cards for the EU, with both the European Commission and the EBA having expressed regret that they were not able to implement something like this at an earlier date.
“A single API scheme of course had huge benefits, and crucially for us as a regulator, allows one of the key objectives of the PSD2 to materialise and to be fulfilled, which is the creation of a single EU payments market. It contradicts with other objectives, but it is an objective,” said Dirk Haubrich, consumer and payments chief at the EBA, while speaking at VIXIO’s "How To Prepare For PSD3" webinar, which was held in partnership with Compliancy Services.
Although this would, of course, compete with other objectives, it is an objective that the EBA has an interest in realising, Haubrich said. “After the departure of the UK, we have around four and a half thousand banks in the EU that the EBA is responsible for.”
“Of course, if we were managing to ensure an access scheme for all of those four and a half thousand banks, or maybe only two or three access schemes for the four and a half thousand banks, that would be a huge bonus.”
The EBA’s feedback to the European Commission has suggested a common API standard for third-party providers to access payment accounts held with banks.
Although it distanced itself from the prospect of leading the charge, suggesting that “the industry would be best placed to develop”, the EBA noted that a common API standard could have the additional benefit of creating a foundation for the future development of open finance beyond the requirements in PSD2.
In addition, some of the services that have been created through PSD2, such as account information services, for example, are offered primarily at the national level, not at a cross-border level, with the same applying to payment initiation services.
There is a competition element to this as well, according to Haubrich. “The absence of an API standard means that those actors that are already in the market and were already in the market prior to PSD2 coming into effect had a competitive advantage.”
In addition, Haubrich argued that the enhancement of competition does not just account for those few actors that were in the marketplace in a grey legal area prior to PSD2. These firms, he said, had already developed APIs through screen scraping and proprietary solutions.
“It's also about enhancing competition for everyone who wants to enter the market, even smaller players that want to enter the market and provide innovative services.
“For them, the existence of proprietary solutions that already exist with competitors is an entry barrier that is not desirable from an EBA point of view and which we would like to see addressed,” he said. “We have not been able to do this in PSD2.”
Timing was the reason for more work not being done in this area, as the EBA had 12 months to create regulatory technical standards and would have needed additional expertise, as well as the undertaking of a consultation and other protocols before implementing a common API standard.
“That's the reason why we said ok, we will not do this under PSD2,” he said. “It's impossible for us to do that. It's not desirable for us to do that. We will have to accept the fact that there will be initially several API schemes coexisting with each other in parallel and hopefully over time, there will be survival of the fittest.”
Although this has happened to an extent, with the rise of frameworks such as that of the Berlin Group, Haubrich suggested that the issue needs to be “embedded more thoroughly”.
Yet, Haubrich left Andrei Cazacu, TrueLayer’s public policy lead, unconvinced.
“I would say that we don't necessarily need a single API standard,” he suggested, pointing out that the term “standard” may be misleading.
The implementation of these standards is left to individual banks, he pointed out. “So there is little supervision or coordination as to how they're implemented or how they perform.”
This means that even the same API can be implemented in different ways within the same standard, which in turn means that open banking providers such as TrueLayer have to treat each API on a case-by-case basis.
“Just having the standard doesn't mean it's implemented in a standardised way.”
The market is addressing some of the regulatory shortcomings as well, he said. “There's a lot of innovation in the API aggregation space. Maybe even some would agree that the API aggregator space is one of the more seriously competitive spaces in open banking, where companies specialise in connecting to all these APIs and leaving more room for other fintechs to develop end user facing solutions.”
Cazacu further warned that many companies had put a lot of work into gaining the know-how to work with the current standards.
“I would be very careful in putting the breaks on open banking, having a new common API standard, and needing to implement that,” he said. “I think there's a very serious risk that would slow down the continued growth and expansion of open banking, taking up those resources.”
Cazacu did, however, acknowledge that there needs to be more coordination and communication between the different parties involved, so that, over time, the specifications better align with one another.
This already exists in the UK, where there is the Open Banking Implementation Entity (OBIE), which has helped aid standardisation at a fast rate.
“I think it's pretty obvious that OBIE is one of the key reasons why the UK is one of the most mature markets in open banking under virtually the same regulations,” he said.
Whether the EU takes this on remains to be seen, and supranational and national regulators' concerns over APIs may jig the commission into siding with the EBA’s position.
However, Cazacu stated that the EU should tread carefully on this matter, and consider the groundworks that are in place.
“Let's work with implementing plans that we have in a more consistent way that's harmonising over time and have some kind of better supervision and sort of guidelines over them,” he said. “I think it's better to work with that than risk kind of slowing down the progress that we've made so far.”
Watch the "How To Prepare For PSD3" webinar here.