Adam Prince, Vice President Product Management, Compliance & Brexit, Sage
In September this year, the European Union’s second Payment Services Directive (PSD2) went live. As far as end-user businesses are concerned, the goal of PSD2 is to drive down the costs of managing bank accounts and payments and enable teams to get on with value-add activities.
As the directive opens up banking to greater data sharing, automation and secure interaction, the aim is to move finance into the age of ‘invisible admin’, taking away repetitive, non-valuable tasks so that SMEs can focus on driving the success of their business.
In other words, the point of PSD2 is to make finance work for business, rather than the other way around. With that in mind, how will the regulation change working practices – and what do SMEs need to do to ensure they reap the benefits?
How can PSD2 help SMEs?
Under the new rules, systems will be developed that help SMEs to get a much clearer view of where their money is moving. Cashflow is widely regarded as the biggest cause of insolvency among SMEs in the UK – the FSB recently noted that ’80-90% of failures in the sector are due to poor cash flow.’
As a result, it’s essential that they can track where their money is going and ensure that outstanding invoices are followed up. At present, tracking payment and banking details is a hefty administrative task, which means that it either drains valuable resources out of the business, or worse, ends up being left undone.
To address that issue, PSD2 mandates banks to provide APIs (application programme interfaces – essentially sets of interfaces that make it easier for one system to interact with another) to make deeper, automated integration possible. When SMEs’ IT systems can track payments on their own, providing reports on demand to keep the finance team informed, staff can get on with pushing the business forwards rather than chasing up payments.
The UK’s Open Banking framework, which runs in parallel to the PSD2 regulation, also mandates that the nine largest banks must provide a single standard of APIs, so that if a company can interface with one institution, it can interface with them all.
SWIFT, the global banking standards body, also announced in September 2019 its intention to mandate that all banks implement common standards under ISO20022. This unified approach will reduce the number of technical and economic barriers stopping businesses from operating in the way that works best for them – whether they want to work with a challenger or a high street brand.
Security is a priority
This API-driven approach to banking will make life much easier for businesses, but it does come with its risks. Financial data sharing must be done securely or it could cost companies a lot more than admin time. To ensure the required level of security, PSD2 includes a set of Secure Customer Authentication (SCA) rules to ensure that users can be authenticated and that APIs can be accessed securely via common standards. Essentially, this means that SMEs will need to use two-factor authentication to access their data.
The UK’s Financial Conduct Authority (FCA) has announced an 18-month migration period or ‘soft landing’ for this part of the regulation to ensure banks and payment service providers have the time they need to comply. So long as there’s a clear plan in place to achieve compliance, no fines will be levied if the APIs and SCA are not yet in place.
Interestingly, that need for security in digital banking across the globe can be seen in the difference between the way that the EU and Australia have approached their regulations. PSD2 is based on the premise that payments must be regulated to provide APIs – in other words, that banks need more supervision to ensure quality service. By contrast, Australian regulators are working on the premise that financial data is personal data, and customers should be able to access it free of charge – so banks must provide open APIs to make that access possible.
Both approaches end up at the same point from different ends of the scale. In both cases, the customer is at the heart of the regulatory change. As a result, SMEs stand to benefit hugely from increased control over their data and more connected, flexible services – but they must have the right tools in place to access those services.
Banking without cloud is no longer an option
If businesses are to get the most out of the new PSD2 regime, there is a clear need for cloud-based software to ensure they can access all the integrations available. If they don’t have the ability to import financial data, they’ll completely miss the benefits. The alternative is to carry on doing everything manually, spending time doing reconciliation by hand, always working on cash flow data that is out of date, missing customers who fail to pay you and making avoidable manual errors.
Businesses that work with an experienced financial software provider also stand to benefit from assistance as the industry goes through the final roll-out of PSD2. Most large banks are ready for API integration and secure customer authentication from the September launch date, but some banks are a bit behind the curve, which may cause some businesses functional problems in the short term. It’s essential to work with a partner that can continue to make access to essential financial data available despite these growing pains.
PSD2 was developed for the benefit of businesses and individuals across Europe. We live in an era of unprecedented information exchange, and regulations like PSD2 point the way to a more connected, user-friendly, flexible and intelligent way of working. Compliance with PSD2 will ultimately bring a host of benefits so long as the correct security measures are put in place – far from a burden, this is the start of a brave new world.
Now is the time for SMEs to move to a cloud-based financial platform – and unlock the full value of open banking.