psd2 compliance solution open banking

Media 7 mins reading time

Instant PSD2 Compliance Solution, Monetization-Ready

The European Oracle Fintech Innovation Program publishes articles offering insights from curated Fintech partners. This article is based on an interview with Rik De Deyn, Senior Innovation Director at the Oracle European Fintech Innovation Program, and Stefan Hamm, CEO of adorsys.

Rik DE DEYN, Sr. Innovation Director, Oracle: Welcome Stefan.  Over the last couple of months, it’s been a real pleasure to get to know you and the group of PSD2 specialists in your organization.   The PSD2 initiative has always struck me as a potential catalyst for Open Banking in Europe.  Is that how European banks and corporates see PSD2, and where are they with their timelines?

Stefan HAMM, CEO, Adorsys: With PSD2 (Payment Services Directive 2), entrepreneurs have a real alternative to credit card schemes, as real-time transaction processing opens new possibilities. Since PSD2 is a regulatory EU directive, financial institutions are required to provide the appropriate service in time.  In contrast to SEPA (the Single Euro Payments Area), there is no central authority like the European Payments Council (EPC), that creates and maintains the commercial, banking and technical PSD2 framework.

The banks that are looking at becoming ASPSP’s (Account Servicing Payment Service Providers), and the TPP’s (Third Party Provider) that want to be AISP’s (Account Information Service Providers) or PISPs (Payment Initiation Service Providers), will have access to customer accounts (XS2A) of financial institutions.  These parties have been invited to get ready for March 14th, 2019 when the testing phase of the new application programming interfaces (API’s) will start. API’s are the technical mechanism that will allow banks to share customer data with TPP’s securely.

The official live start date for PSD2 is Saturday September 14th, 2019. To prevent a Friday-the-13th-disaster, all services must be up and running by then, and all PSD2 participants must have their processes certified by the regulator.

We are now three months before the commitment to be ready for testing, and because the directive has different national regulatory frameworks, it is becoming apparent that the EU has 6 or 7 different API standards, like the ones from STET and Open Banking UK. We think that about 80% of the banks will use the NextGenPSD2 format from The Berlin Group, with individual adaptations. We also notice that even just under 10 months before the live launch, not all banks have a truly resilient solution. This is understandable, as the regulation requires deep entry in the core systems. Opening these up is not a trivial adjustment.

In defense of the banks, the directive does not provide clear specifications for all details of the technical implementation. This is the reason that much of the lost time went into finding agreements on specifications. Parties that want to go live September 14th will have to largely complete the implementation in June, due to the internal lead times and processes for new products. To reach the March 14th milestone, considerable additional effort will be required.  This will force many of the institutions to find temporary alternative solutions that meet the regulatory requirements. Still, compliance is the highest priority, as non-compliance entails a considerable risk, including liability on the part of the members of the Management Board. The complexity of the implementation, the far-reaching changes and the tight timeframe make the topic so explosive for the banks.

Rik, Oracle: It seems like banks are running out of time quickly.  How can Adorsys help banks achieve instant compliance by March 14th?

Stefan, Adorsys: We have been working hard on a solution that makes banks PSD2-ready almost immediately. Our customers can obtain a PSD2-compliant sandbox environment for the testing-requirement in March.  The core of the work is the so-called XS2A API, which we have implemented in collaboration with our reference customers. There is no need to integrate existing systems, the PSD2 sandbox contains everything you need to operate as a self-supporting service. To take even more pressure off banks, the sandbox is of course cloud-ready and can therefore be used outside the bank’s own infrastructure.

Of course, the sandbox environment can be linked to the bank’s back-end systems for the September go-live.  This allows for a smooth transition to go-live, which will be important for our customer’s customers, and the regulator.

Rik, Oracle: This is great.  But there are many PSD2 solutions out there.  How do you differentiate from your competitors?

Stefan, Adorsys: It always starts with quality people. Our PSD2 team has more than 30 focused employees, including former employees of UBSCredit Suisse and Consors Bank, part of BNP Paribas. In addition to the pure development performance of the PSD2 team, we also ensure professional market engagement.

We have been working on this topic in client projects for a long time and we have achieved a lot.  For example, the sandbox already contains a consent management system.  We now concentrate on additional added value, such as a backend that behaves like a core banking system and enables end-to-end processes, even in the sandbox. But also, for live production, which allows you to not to have to make your inventory system real-time. We are not talking about the future here; the modules are there today.

Rik, Oracle: What are some of the things you hear from your bank customers?  How do they benefit most?

Stefan, Adorsys:  At the moment, the most banks focus almost exclusively on compliance. Understandable, but what will happen after March 14th? We want to make it as easy as possible for the users of the Sandbox to make the transition to the monetization of their PSD2 investments: value-added services for their customers for example, and API-management.  That’s why we have included everything that can already supports the PSD2 live operation.

Even when the banks will be forced to open their live systems, they won’t have to repeat their investment after March 14th, when the race for the customer interfaces will really start.  Those who cannot make monetize their investment will lose importance to their customers. Who wants a new PayPal that uses technology that the bank has built up, with pain and high costs?  With our solutions, we are already ready for the time in which not only the legal framework, but also the commercial exploitation of the technology is becoming the next driver.

And so, we see ourselves not only as a technology supplier. We also help banks find viable models to turn technical investments into business value.

Rik, Oracle: That’s interesting.  Now, how does your collaboration with Oracle improve benefits for your customers?

Stefan, Adorsys: our implementation teams have been around for many years and have built real projects in top-tier banks.  We know Oracle’s strengths and experience in these environments, and Oracle provides technology that allows us to focus on our own solution, instead of having to worry whether the underlying infrastructure will be strong, scalable and secure.  This allows us to convince our customers that we deliver enterprise-ready solutions end-to-end, and they get to a more strategic advantage faster.

However, Oracle’s focus on cloud creates another really opportunity for us.  We want to use Oracle Cloud to deliver our solution almost immediately to interested banks, without long infrastructure procurement cycles.  Time is of the essence, especially for the compliance-sandbox.  For live PSD2 implementations beyond March, we know we can count on Oracle to also help us integrate into the bank’s backend systems.

But also here, it’s about people.  The Oracle Fintech innovation program team has created an open and collaborative environment that allows us to find a business model that works for us.

Concretely, clients can start with a self-contained sandbox delivered through a trusted cloud and then expand into monetization of PSD2.

Rik, Oracle: OK, that’s a great usage of cloud. When will all this be available?

Stefan, Adorsys: The compliance-stage modules are ready today. We have delivered them to several banks as a consulting engagement, and we will soon have productized them on Oracle Cloud. We will continuously extend them to simulate core-banking, create and manage more sophisticated environments for TPPs, and of course keep them compliant to the ongoing demands of upcoming PSD requirements.

Rik, Oracle: This was a fascinating story Stefan.  Thanks again and looking forward to helping your customers find that value in PSD2.