Scheming about Open Banking Schemes
Nearly five years ago, I wrote an article called scheming about standards. It was about PSD2 before PSD2 went live and it concluded that to make payments work, the industry needed to cooperate.
This belief led to the creation of the Open Banking Europe programme, which brought together Banks, TPPs, Service Providers, QTSPs, and even National Competent Authorities. It led to the creation of a central European Directory and thousands of words of analysis, documents, webinars, slides, infographics, and thought leadership on what it takes to implement Open Banking. The GURN standard for TPP identification, the TS 119 495 standard for PSD2 certificates, and more recently a JWS standard for API signing were established.
Since 2016, we have seen PSD2 implemented, the RTS deadline, and the Open Banking Europe Directory in live operation, and over a year later the industry is still searching for solutions. We have eight standards organisations, each producing their own standard. Now as we enter 2021, we are discussing schemes.
What do we mean by a scheme?
Schemes mean different things to different people but here I am going to define a scheme as a collection of rules to which market players adhere. Such rules can be technical, operational, or legal. They can be prescriptive, or recommendation based. They can operate between financial institutions, or they can reach the end customer. They can be a page long or span 20 volumes. They can be private or public. They can be national or pan European or based on sector. They can be driven by regulators or not. They can be open or closed. Generally, there is a split between scheme and infrastructure.
Visa and Mastercard both run customer-facing branded schemes. The European Payments Council run several schemes. I worked on the SEPA Credit Transfer scheme and two Direct Debit schemes. These schemes are unbranded and are mostly concerned with the FI to FI space.
Schemes allow competing market players to work together to offer services so that the end-users of the scheme can use a service from any of the providers. The ATM card issued by my bank works in my bank’s ATMs. Because there is a scheme, my ATM card also works in nearly all ATMs, even those of other banks. Win. Win. Win.
All schemes have members, a rulebook a scheme manager and rules around governance. Governance defines who has the right to request changes to the scheme, and who decides which changes get made. Competition authorities keep a sharp eye on scheme governance to prevent incumbents using scheme membership rules to keep out innovators and block competition.
Schemes are very hard to set up, especially across multiple stakeholders. Setting up a scheme is a slow process. Generally, schemes swap the speed and agility that comes from moving alone for the stability, reach and ubiquity that comes from moving together. The last 25 years are littered with failed “nearly-schemes”. If schemes work, they are extremely powerful, as they can define an entire ecosystem. Sometimes for decades.
We have just finished delivering PSD2. Does Europe need schemes, as well?
The access to account measures in PSD2 were designed to stimulate competition while laying down some rule on security. It is probably too soon to say whether these have worked; it seems the work is not finished. In October 2020, the European Commission published an entire digital finance package which includes a digital finance strategy and digital retail payment strategy, each of which have multiple priorities, recommendations, and actions. Schemes are mentioned a lot.
One concern is that if I want to buy a cup of coffee from around the corner, I will probably use a method of payment that is based on an American scheme. Even if I live in a country that has ‘alternative methods of payments’, those methods of payment will not work in neighbouring countries or the other countries of the European Union. We have instant payments, APIs, mobile phones, contactless, QR codes, scanners, readers, Near Field Communication (NFC), etc.
For whatever reason, PSD2 is still an unfolding story across Europe. There are (at least) five contenders for new schemes that will be closely watched in 2021 to see if they have sufficient energy to get onto the launch pad.
SEPA API Access Scheme
The European Central Bank chairs a stakeholder panel called the Euro Retail Payments Board (ERPB), which meets every six months to assess and catalyse the European Payments Industry. Euro Retail Payments Board (ERPB) (europa.eu). In 2018, they created a SEPA API Access Scheme working group when people started doubting that PSD2 would deliver the expected results. On 13th June 2019, this group published a Report from the ERPB WG on a SEPA API Access Scheme (europa.eu).
However, future work of this group was put on hold by the ERPB as PSD2 had not yet gone live and therefore the results of its implementation unknown. There was a lot of lobbying and positioning going on at the time about what was and was not within the scope of PSD2. There were fundamental differences between the supply side (banks) who were happy to participate provided they were paid for functionality that went beyond the legal minimums, and the demand side (API users or "TPPs") who wanted this functionality for free.
In November 2020, this was picked up again, and there is now a working group co-chaired by Tink and Deutsche Bank, with six sub-groups looking at whether such a scheme should go ahead and what such a scheme should look like.
"In order to reap the full benefits of PSD2 [..], the ERPB agreed that the working group should define the key elements of a Scheme. These key elements shall be developed with the legal and regulatory requirements of PSD2 constituting the "baseline", [..] but also going beyond such baseline to encompass value-added (‘premium’) services that may be provided in the context of "open banking" as a natural evolution of PSD2 within the contractual framework of the Scheme".
Arturo Gonzalez Mac Dowell, president and CEO of Eurobits, one of the two co-chairs of the ERPB working group for the SEPA API Access Scheme, sees that such a scheme has a potential to go far beyond payments. “The work has the potential to be the foundation for a scheme where information asset holders and transaction asset holders of all asset classes, beyond payments, and eventually beyond finance exchange information and transactions with asset brokers. This could be the catalyst for the deconstruction of many analogue value chains that would be reconstructed in a way that is better suited for a digital world."
Normally the ERPB restricts itself to Payments, but the mandate of the scheme seems open to Account Information services and Open Data. One of its key strengths is that all stakeholders can collectively discuss matters under the eye of the regulator. However, getting an agreement that translates into operational reality will be a challenge.
SEPA Request to Pay
SEPA Request to Pay is a scheme created by the European Payments Council (EPC) to “allow a Payee (Creditor) to request the initiation of a payment from a Payer in a wide range of physical or online use cases”. The scheme stresses the benefits of end-to-end reconciliation, historically a headache for corporates and merchants when using ACH payments. The EPC also stress interoperability, reachability and a standardised set of responses for a Request to Pay message “Accept Now, Accept Later, Pay Now, Pay Later”.
The work is well advanced. A rulebook has been created and written, and preparations are being made to launch the scheme as soon as the ’RTP Trust and Security Framework’ is finished in June 2021. There were two drivers around the creation of this scheme. The e-invoicing community saw the need to standardise the payment request, while the ECB and others were pushing hard for a mechanism to provide real-time information wrapper for European Instant Payments. There were also concerns about the proliferation of successful but national solutions like Payconiq in Belgium.
The result is something that looks like it should be a PSD2 Payment Initiation Service (PIS), but everybody involved is very clear it is NOT a payment, nor a payment initiation (both of which have regulatory connotations). It is, they say, simply a request for payment. Furthermore, the SEPA Request to Pay scheme is not itself a customer-facing scheme. It is an industry scheme on which other players can build customer-facing schemes. This is a similar approach to the UK which also launched a Request to Pay scheme last year.
This is subtle stuff, but similar methods have been used very successfully with the various Online Banking electronic Payment (OBeP) schemes including iDEAL in the Netherlands, MyBank in Italy, EPS in Austria, and Giropay in Germany. Although the EPC would/could argue that as Request to Pay can be used in face-to-face situations or other non-real-time cases it has a wider application than the OBeP scheme which tends to be online only.
For those who enjoy terminology, SEPA RTP is not the same thing as the UK Request to Pay which went live in May 2020. EBA CLEARING’s Request to Pay (R2P) platform is built to support SEPA RTP. And finally, do not talk to Americans about RTP in this context as they will instead understand "Real-Time Payment".
European Payments Initiative (EPI)
EPI is the first properly "private" initiative on the list. Discussed between the cognoscenti in 2019, it was announced in a press release in July 2020 by sixteen banks from major Eurozone countries. Worldline and Nets joined in November 2020 and an EPI interim company was created in December 2020.
According to their press release "The ambition of EPI is to create a unified pan-European payment solution leveraging Instant Payments/SEPA Instant Credit Transfer (SCT Inst), offering a card for consumers and merchants across Europe, a digital wallet, and P2P payments".
Discussions around this topic have been held with a certain level of secrecy. This is partly because it is a private arrangement but also because the French and the Germans are still working out how it will work and whether it is fundamentally a card or payment scheme. What is clear however is that a lot of energy has been spent discussing governance and business models with DG Competition and the DG FISMA.
News around this scheme is eagerly sought and expectation high. However, millions of euros of investments are required to bring this into being and to deliver something better and cheaper than the current American and Chinese offer. Initial news of the scheme has been welcomed by The European Central Bank.
Clearly, there are formidable, names, resources, and talent around this initiative. But there is also something refreshingly simple about it. There are no data aspirations just a focus on helping people pay, whether by phone, app, or plastic card.
There will be natural concern that it does not follow in the footsteps of the ‘Monnet project’ which fizzled out after a similar group of banks got together to create a European card scheme during 2010.
PSD2, Open Banking, and Open Finance
You can argue that it is not really a ‘scheme’, as it is pure legislation, but it has the effect of bringing together a group of authorised entities who play by a known set of rules and standards defined by the legislators.
PSD2 came into being in January 2017. The Access to Account provisions followed 18 months later. Many will say that it has not really worked. They will point to friction caused by SCA provisions, the 90- day re-authentication requirements, the perceived obstacles put in front of TPPs by banks, the fragmentation of standards, etc.
A much better statement is that PSD2 has not yet reached its potential. After an immense learning curve, the banks have created APIs that work. TPPs are integrating into them and coming up with ever more customer propositions. Banks are modernising and integrating new mobile authentication mechanisms to make the SCA easier. We are seeing APIs being offered that go beyond the minimum PSD2 requirements (see Nordea’s developer portal as an example), and the standards are being extended to cover non PSD2 use cases. The term “Open Finance” has emerged to cover functionality that goes beyond compliance, and Open Data is still a massive topic.
The Berlin Group is working on Open Finance standards, and they have an advisory board that is feeding them with ideas and requirements for “Schemes” against which to build standards. The output of this will be something to watch.
PSD2 Open Banking in its purest form still misses some key elements – a helpdesk and dispute resolution. In the UK, these were provided centrally by the Open Banking Implementation Entity (OBIE) mandated by regulation and funded by the largest nine banks. If Open Finance is to achieve its potential, it will need managing and operating.
As Open Banking evolves it may remain ahead of the fledgeling schemes that are described in this article. As they say, “a bird in the hand is worth two in the bush.”
Working together globally.
The four ‘schemes’ described here ignore completely the successful national schemes that exist and are much loved by their users - Swish, Payconiq, iDEAL, MyBank - not to mention proprietary arrangements such as ApplePay, PayPal, or even Libra.
The “scheme” discussion is not limited to Europe. Other countries are weighing up central infrastructure needs alongside the necessary legislation and standards required to create desired outcomes.
Whether it is in Europe or overseas, Open Banking Europe has created a framework for rolling out such implementations as they all have the same building blocks, chapter headings and need for a level of infrastructure.
As I wrote nearly five years ago, there is a need for “onboarding processes and certification processes, the central registration directory, the dispute management process, the change management process, and the business rules that go with technicalities (refunds, reconciliation, customer experience) and the agreements that bind the parties to a common way of working to avoid fragmentation”. This is true of all four schemes discussed here.
As 2021 progress we will see whether the different schemes compete for traction or whether they start to merge into each other; with the example of Request to Pay being a specific use case of Open Finance. Maybe we need them all and will have them all – each with their own position. Time will tell.
This article has been written as part of the Open Banking Europe initiative. To access our resources, join our webinars or get involved, please contact us at https://www.openbankingeurope.eu/