PSD2: Opportunities & Challenges for Alternative Finance

By Jay Tikam on 12th December 2017

How will these new rules affect alternative finance providers such as peer-to-peer lenders and crowdfunding platforms, if at all?

PSD2: Opportunities & Challenges for Alternative Finance

The introduction of the new Payment Services Directive II (PSD2) heralds a potentially disruptive force in the financial services landscape, bringing both opportunities and challenges.

PSD2 is a European Union Directive that will be adopted by the United Kingdom, regardless of the outcome of current Brexit discussions. Of course, some of the detail underlying PSD2 may be influenced by UK’s departure from the EU, for example, passporting rights.

It will be implemented into UK law on 13 January 2018, and will affect firms that provide payment services.  The aim is to promote innovation, improve customer protection, make payments safer and more secure and drive down costs.  Encouraging competition, PSD2 promises to give consumers more choice on how they manage their payments and their finances in general.  

The new rules require payment and e-money institutions to be re-authorised or re-registered, and this process has already started in October 2017.

  I explore the regulatory and potential business implications of PSD2 in this article.

PSD2 Under the Microscope

The new regulation could bring widespread change within an industry dominated by the big banks. Revolutionary in its design, PSD2 will allow customers, both businesses and consumers, to use third party providers to help them manage their money better. These third parties will be able to legitimately access bank data from different sources and provide an aggregated view to their customers.  They’ll also be able to initiate payments on behalf of their customers, something that could previously only be done through a bank.

The new regulation compels banks to provide data to authorised or registered third parties through an API (application program interface).

PSD2 introduces two new types of third party providers.  They may well have existed in the past, however outside the regulatory net.  By bringing them into the net, the regulators are assuring greater customer protection. 

Account Information Services Providers (AISP) and Payment Initiation Service Providers (PISP) are both a new creation arising from PSD2.  Both are likely to create totally new business models that sit above banking data. 

AISPs can access banking data from various sources and present a consolidated view to the customer or another party (through consent), allowing them to analyse, for example their spending habits, or total cost of services across all banks.  AISPs can also help companies integrate better with banks, as I will explore in more detail below.

PISPs will be able to initiate payment on behalf of their customer.  For example, a customer could ask a third party to pay their bills from different bank accounts, without having to set up direct debits with each of their banks.  Using the services of a PISP, a peer to peer payment is also possible. 

In addition to introducing these new third-party providers, PSD2 introduces the following high-level changes:

  • Change the regulatory authorisation regime for payment services providers (PSP) and e-money issuers that are not banks or building societies.  They bring more organisations into scope and allow for a full authorisation and a lighter touch registration process for smaller PSPs, below a certain threshold.
  • Authorised PSPs can passport their services across the European Union (of course, subject to outcomes of the Brexit negotiations).  Registered PSPs don’t unfortunately have this privilege.
  • Narrowing the scope of regulatory exemptions, and requiring a notification process under certain exempt conditions.  These changes will bring greater certainty; however, it will also impact the business models of firms currently operating outside PSD1.   
  • Enhancing rules on ensuring greater security on customer authentication and communication.  The European Banking Authority (EBA) will develop technical standards for strong customer authentication, requiring a two-factor authentication process to verifying customers.  EBA technical standards will extend to protection of confidentiality and integrity of payment service users’ personalised security credentials, to protect against risk of fraudulent activities, especially phishing, which has been prominent recently.
  • Strengthening conduct of business rules and complaints handling process, as well as capping certain fees, such as fees for using credit cards, and fees for unauthorised payment transactions that may exceed an overdraft limit.


So, what are the Implications for Alternative Finance Providers?

Many in the industry, especially peer to peer lenders, are viewing PSD2 as a positive move.  

Firstly, the Open Banking initiative is already heralding an era where banks must open data through APIs.  PSD2 could accelerate this process.  Alternative finance providers can testify to the frustration of obtaining their client money account information in electronic format. They need this data to carry out client money reconciliation daily.  Without electronic data, many are left to screen scrape and dump data in an excel spreadsheet.  There are progressive banks who are willingly providing an integrated service to P2P lenders, however, this is not common across the board.

When taking payments from borrowers, fundraisers and investors, many smaller platforms rely on direct debits initiated by their clients.  There are third parties who provide a direct debit service, however, the costs are high and eat into already thin margins.  PSD2 open the doors for more PISPs into the market, increasing competition and lowering prices, as well as providing platforms with greater choice.

Using AISPs, marketplace lenders can have access to detailed financial data from various sources, to better inform their credit decisioning process.  In the absence of data, especially for small businesses, these alternative lenders have had to rely on unconventional sources such as social media and consumer forums to gain better insight on their borrowers.  

Many platforms have developed proprietary algorithmic based technologies that enable them to collate and analyse a myriad of data points to turn it into a credit score.  A model is however a model and no substitute for a scoring system that relies on actual data, rather than an inference from qualitative sources.

Through third parties’ AISPs, lenders can now tap into months if not years’ worth of bank transactions to inform their underwriting process.  Through one channel, they can also interrogate multiple bank accounts and different banks, with the consent of the borrower.  

The outcome could lead to a more stable loan book with higher quality and a lower default rate.  These alternative lenders could also extend more credit, helping the small business sector to grow and make a bigger contribution to GDP.

Bear in mind however that with more data at hand, comes more responsibility to safeguard it.  GDPR is another significant regulatory change programme that will intensify requirements to safeguard this new access to data.


Would Alternative Finance Providers need to be Regulated?

On the face of it, and with a standard peer to peer lending or crowdfunding model using third party payment providers or credit agencies, such alternative finance firms are unlikely to be directly affected by PSD2.  In other words, they will not need to extend their scope of permissions.  They can enjoy the significant benefits that this new legislation could bring without the added burden of compliance.  

However, the devil is always in the detail.  Some of your activities may well come within the ambit of PSD2, requiring you to be authorised or registered.  Take for example this case study.  Imagine if you aggregated borrower data from various sources, using a third party provider.  You then provide this data to your investors to help them make a more informed investment decision.  You may also develop algorithms using this data to better match lenders to borrowers.  Seems harmless, and after all, you are procuring the data through a regulated third party provider, giving you and your Board comfort.  

However dig deeper into the requirements of PSD2, and you could be deemed to be carrying out regulated activities carried out by an AISP.  This is just one example of possibly many other examples where PSD2 could affect alternative finance lenders. 

In my experience, the scope of any new regulation is never clear-cut.  Many alternative lenders are likely to respond with an “I won’t be affected by PSD2, so need to do nothing” response.  Others may be too busy to go through a lengthy exercise of assessing whether any activities in their business fall within the new regulatory framework.   The onus is on you to ensure that your business, at the most granular level of operation, is not caught by PSD2.  Don’t ignore it. Get external help if you don’t have bandwidth within the current team.  External assurance will also provide your Board with peace of mind.

Apart from the regulatory implications, PSD2 will open up new opportunities for alternative finance providers to expand their offering.  A deeper understanding of this new framework will also bring insights into how best the benefits can be leveraged. 

Some business may also be under threat by the changes brought about by this new regulation.  Like a regulatory assessment, you should carry out a stress and scenario analysis of PSD2 on your long-term business objectives.

Jay Tikam is founder and managing director at Vedanvi
Jay can be contacted at jay.tikam@vedanvi.com 

Vedanvi is a professional services firm helping innovative financial services businesses accelerate growth, manage risks and deal with complex regulatory change.
Find out more at www.vedanvi.com

Comments