By Jason O’Shaughnessy, Head of International Business, Envestnet | Yodlee
More than five years ago, Britain’s competition watchdog warned that the big banks didn’t have to do much to keep their customers’ business. At the same time the smaller, challenger banks found it hard to grow.
Open banking was the solution. The intention was to enable challengers to shake up the financial services market, while allowing bank customers to share their data with third parties that could provide services such as apps to manage their budgets. Open banking is an ambitious programme, and the UK was one of the first countries to attempt an overhaul of the incumbent financial services industry. As other countries look to rollout open banking, it is worth reflecting on whether any mistakes were made, with the hope that they are not repeated.
A key piece of open banking legislation is the Payment Services Directive II, commonly known as PSD2, which requires that every 90 days, payment service providers have to get their users to reauthenticate and give permission to remain connected to third party providers. Simple enough but the experience of the industry so far shows that it presents a serious and fundamental roadblock for consumers. A passion-killer in a sector where customer inertia rules – the very reason why open banking began in the first place.
One third-party provider found the number of inactive users on its platform spiked more than six times – from 6.9% to 44%, according to FDATA, an open banking trade association. It wasn’t that the users were complacent, or that they did not value the new services. It was the confusion among users the 90-day reauthentication rule caused. The UK government’s business department noted that 90-day reauthentication confused consumers, who were left with unanswered questions as to whether this had any implications for the terms and conditions with third party providers, or what impact this would have on the data they had already shared.
For the start-ups seeking to drive innovation it was a roadblock on the customer journey. After all, they were in the business of collecting data to create new products that would serve consumers and foster greater innovation and competition in financial services. Now they were struggling to maintain consistent data sets which were the foundation of their products.
The European Banking Authority, the EU’s industry regulator, has so far resisted calls for change from the industry. It issued a report in June last year arguing that the 90-day rule was not an obstacle – despite fierce opposition and copious evidence of the damage it caused to users’ experience. It also saw little harm in leaving the ultimate responsibility with large payment-service providers; in effect, it left the keys to customer data in the hands of the very institutions that open banking was created to challenge.
In the UK, the Financial Conduct Authority (FCA) has started to take a different approach. It launched a consultation that acknowledged the significant issues with the 90-day rule, such as both consumers and small businesses making decisions based on out-of-date data. One third-party provider had a churn rate of 40% despite almost all its customers being satisfied with its service, the FCA found.
Countries considering open banking should look closely at the FCA’s findings. It recommends that the 90-day rule should no longer apply to the smaller third parties who seek only to access account information to build products and services, and do not seek to provide payment services to consumers. Large payment-providers will still need to seek reauthentication every 90 days. That will allow the innovative start-ups to work with stable data sets, creating the competitive market open banking was intended to herald.
There are some crucial lessons here. Open banking has the potential to disrupt global financial services in a sector that does not always serve the consumer well. Consumers are naturally cautious about sharing their information, which can lead to confusion. When countries roll out open banking, they need to do so confidently and decisively, and they need to tackle that consumer misunderstanding. And with regulation, they need to be certain there are no unintended consequences such as those created by the 90-day rule.
The solution to the confusion around the 90-day rule was intuitive. If consumers don’t understand a question, then it’s no good endlessly repeating it. And regulators need to take stock of the evidence.
 Financial Data and Technology Association, The Unintended Consequences of PSD2 RTS, May 2019