Baringa Blogs

PSD II and Open Banking series: The scale of organisational impact

Implementing PSD II presents a monumental task for banks - the breadth and scale of which is only just becoming apparent. Not only are you required to embark on a significant API (application programming interface) build, change the way you authenticate customers online and reconsider your fraud and payments processes, but there are a vast number of other organisational considerations to be factored in.  We estimate 80% of your organisation will be impacted.

The communication challenge

  • Keeping all parties (including regulators, the Open Banking Implementation Entity, third party providers (TPPs), customers and non-customers) engaged with payment account access (XS2A) changes will be paramount  
  • The many changes and implications of PSD II will need to be conveyed through all your channels from the Ts and Cs issued to customers, to the information disseminated via your service and marketing teams and on your public website
  • Servicing teams need to be trained and prepared for support and query management relating to new processes
  • Complaints will need to be investigated and responded to within only 15 business days of receipt (current FCA rules allow eight weeks.)

The complexity of legislation

  • Inconsistencies exist between the CMA (Competition and Markets Authority) remedies and PSD II. Determining how to comply is the first challenge
  • A substantial amount of detail is still unknown, making it difficult to effectively plan and navigate a route to compliance
  • PSD II cannot be considered in isolation. GDPR and the 4th AML (Anti-Money Laundering) directive are also interlinked but can lead to conflicting messages. Ask yourself, according to PSD II, GDPR and AML, are banks responsible for making sure the TPP doesn’t store the data? How can you pass on the data without ‘seeing’ it yourselves?

The data architecture perspective

  • You will need the capability to issue access tokens to TPPs representing each and every authorised customer interaction, including account information or payment requests.
  • Customers also need to have the ability to manage and revoke the consent they have previously provided for TPP access.  This means you will need to store this information and make it available to customers to manage
  • Your fraud analytics departments also will need to consider what new monitoring capabilities and rules they will require to prevent fraud on the new Open Banking channel – critical  to maintaining customer trust and protecting the bank.

Ownership of the new TPP channel

  • You will need to determine who is responsible for managing this brand new channel, have a view of whether you want to embrace TPPs and if so how, remaining clear on how they will enhance your brand – all in the absence of a contractual agreement.

Preparing multiple teams across your organisation for the full impact of the regulation is a vast task for which you need to be adequately prepared – Please see below Baringa’s view of which functions will feel the greatest impact:


In conclusion, the impact of PSD II will be far reaching, with implications across the length and breadth of the organisation. A comprehensive approach to analysis and coordinated implementation, addressing all parts of the operating model, will be key in addressing what will be both a fundamental challenge and a huge opportunity for today’s banking industry.

Back to March 2017


Blog post currently doesn't have any comments.

Leave comment

 Security code