What are the reasons for this? There are three possible explanations. These organisations may simply not understand that they need to comply with the regulation, they may not have prioritised it yet, or, they may feel that any penalties imposed by the FCA won’t affect them.
Whatever the reasons, these figures are concerning, particularly as the number of Third Parties continues to rise. At the end of May 2020, there were a total of 330 TPPs approved to provide services across Europe and, with Covid-19 forcing many people to work remotely, strong demand for new services is increasing.
Dispelling any confusion as to which organisations might or might not be in scope of the regulation, in the FCA handbook, a ‘transactional account’ (the term used under PSD2) is defined as a ‘Payment Account’:
“an account held in the name of one or more payment service users which is used for the execution of payment transactions”
An independent researcher contacted 76 EMI brands in the UK1 to find out whether they had a PSD2 Open Banking API in place.
The results were consistent. 56 of the 76 EMI Brands that were contacted with live products in the UK market do not currently provide a PSD2 Open Banking API developer portal offering either a Modified Customer Interface (MCI) or API Interfaces to meet the PSD2 Open Banking requirements.
Of the 20 organisations that are compliant, the information is hard to find. Only 13 of them publish access through their website Home page. API portal access for the other seven can only be found via searching on Google.
The consequences of not being compliant are many. The FCA will surely soon embark on the enforcement campaign they announced in February that would take place at the end of the adjustment period. This stated that Financial Institutions:
“need to have compliant systems in place by the end of this adjustment period. If companies do not they will be in breach of the PSRs 2017 and SCA-RTS and could be subject to enforcement action by the FCA.”
However, what should be more of a concern is the failure to see the opportunities for innovation that Open Banking brings and consumer demand for these new exciting products and benefits. Those who fail to comply will surely be left behind.
1Polymath Consulting was contracted by Konsentus as an Independent Researcher. They contacted 76 Brands between 20th April and 8th May 2020. Note: Many of these Brands have multiple products i.e. ‘Pay Monthly’, ‘Pay as you Go’ and ‘USD/EUR/GB cards’. The figures quoted are for the main brands only and do not take into consideration the multiple products the regulation also applies to.
Konsentus provides confidence in Open Banking. Our Software as a Service (SaaS) solution, Konsentus Verify, consolidates data from a multitude of regulatory databases and registers, providing the information to our customers in real-time enabling them to comply with PSD2 Access-to-Account. Issued through simple cloud-based RESTful APIs, our easy to implement service helps Financial Institutions reduce risk, limit liability and fight fraud by ensuring data is only ever given to legitimate and regulated Third-Party Providers (TPPs).
Headquartered in the UK, with operations across Europe, our world-class TPP identity and regulatory checking solution, Konsentus Verify, gives Financial Institutions the confidence they need to grow their business whilst knowing their customers are protected and they are delivering against regulatory requirements. Konsentus is ISO27001 certified.