By Adam Prince, Vice President Product Management, Sage
A seismic and positive change is coming for the financial and accounting industries with the introduction of the European Union’s (EU’s) Payment Services Directive 2 (PSD2) regulation. The future of banking and payments is digital, and this regulation marks a shift towards creating a more secure and streamlined digital space for customers to make transactions. At its core, PSD2 heralds two major benefits; firstly, it will push innovation for today’s digital consumers, and secondly, it will give them more control over their data.
The benefits for banks are obvious: higher-quality banking data, faster responses to customer feedback, higher levels of security and reduced fraud. The picture is similarly positive for their customers: increased privacy rights and greater competition among financial-services providers leading to reduced costs and more flexible ways to bank and make payments.
PSD2 will help bring financial regulations up to date for a world that has gone fully digital. The many benefits of digital technology are long overdue in the finance and payments industry—and, indeed, we’ve already seen the rise of highly effective tools such as online banking and in-app management. PSD2 goes deeper, though—changing the fundamental culture that governs interactions between banks and their users. PSD2 is meant to make finances work for business, rather than the other way around. With that in mind, how will the regulation change working practices—and what do small and medium-sized enterprises (SMEs) need to do to ensure they reap the benefits?
How can PSD2 help SMEs?
Under the new rules, systems will be developed that will help SMEs to get a much clearer view of where their money is moving to. Cash flow is widely regarded as the biggest cause of insolvency among SMEs in the United Kingdom—the Federation of Small Businesses (FSB) recently noted that “80-90 percent of failures in the sector are due to poor cash flow”. As a result, it’s essential that they can track where their money is going and ensure that outstanding invoices are followed up. At present, tracking payment and banking details is a hefty administrative task, which means that it either drains valuable resources out of the business or, worse, ends up being left undone.
To address that issue, PSD2 mandates banks to provide APIs (application programming interfaces—essentially sets of interfaces that make it easier for one system to interact with another) to make deeper, automated integration possible. When SMEs’ information-technology (IT) systems can track payments on their own, providing reports on demand to keep their finance teams informed, staff can get on with pushing the business forward rather than chasing payments.
The UK’s Open Banking framework, which runs in parallel to the PSD2 regulation, also mandates that the nine largest banks must provide a single standard of APIs, so that if a company can interface with one institution, it can interface with them all.
SWIFT (Society for Worldwide Interbank Financial Telecommunication), the global banking-standards body, also announced in September 2019 its intention to mandate that all banks implement common standards under ISO 20022. This unified approach will reduce the number of technical and economic barriers stopping businesses from operating in the ways that work best for them—whether they want to work with a challenger or a retail bank.
Security is a priority.
This API-driven approach to banking will make life much easier for businesses, but it does come with its risks. Financial-data sharing must be done securely, or it could cost companies a lot more than admin time. To ensure the required level of security, PSD2 includes a set of Secure Customer Authentication (SCA) rules to guarantee that users can be authenticated and that APIs can be accessed securely via common standards. Essentially, this means that SMEs will need to use two-factor authentication to access their data.
The UK’s Financial Conduct Authority (FCA) has announced an 18-month migration period or “soft landing” for this part of the regulation to ensure banks and payment-services providers have the time they need to comply. So long as there’s a clear plan in place to achieve compliance, no fines will be levied if the APIs and SCA rules are not yet in place.
Interestingly, that need for security in digital banking across the globe can be seen in the differences between the ways in which the EU and Australia have approached their regulations. PSD2 is based on the premise that payments must be regulated to provide APIs—in other words, that banks need more supervision to ensure quality service. By contrast, Australian regulators are working on the premise that financial data is personal data, and customers should be able to access it free of charge—so banks must provide open APIs to make that access possible.
Both approaches end up at the same point from different ends of the scale. In both cases, the customer is at the heart of the regulatory change. As a result, SMEs stand to benefit hugely from increased control over their data and more connected, flexible services—but they must have the right tools in place to access those services.
Banking without the cloud is no longer an option.
If businesses are to get the most out of the new PSD2 regime, there is a clear need for cloud-based software to ensure that they can access all of the integrations available. If they don’t have the ability to import financial data, they’ll completely miss the benefits. The alternative is to carry on doing everything manually—spending lots of time completing reconciliation by hand, always working on cash-flow data that is out of date, missing customers who fail to pay and making avoidable manual errors.
Businesses that work with an experienced financial software provider also stand to benefit from assistance as the industry goes through the final rollout of PSD2. Most large banks have been ready for API integration and secure customer authentication from the September launch date, but some banks are a bit behind the curve, which may cause some businesses functional problems in the short term. It’s essential to work with a partner that can continue to make access to essential financial data available despite these growing pains.
PSD2 was developed for the benefit of businesses and individuals across Europe. We live in an era of unprecedented information exchange, and regulations such as PSD2 point the way to a more connected, user-friendly, flexible and intelligent way of working. Compliance with PSD2 will ultimately bring a host of benefits so long as the correct security measures are put in place—far from a burden, this is the start of a brave new world.
The future of finance
Such sweeping change always has its teething problems, and as a result, there are some practical issues that need to be addressed to ensure smooth running during the first months after the PSD2 deadline. For UK businesses that are working out how the changes will impact their processes, it’s essential to work with the right partners to ensure data transfer continues to happen as smoothly as possible.
It’s important that businesses don’t have to take on the full administrative workload of changing the way their systems work and comply with PSD2. By working with an experienced technology partner, companies can get full access to their usual functionality during the change and keep up to date with any further changes—without having to get into the nitty-gritty of APIs and authentication measures.
That partnership is something we take very seriously. At Sage, we have been working to ensure our customers are compliant with this regulation for a long time. Our priority is to help them navigate the changes, understand the impact on their businesses and guarantee that they can thrive as a result.
Although businesses are often reluctant to enact change, PSD2 will ultimately prove itself to be a positive piece of legislation. This change needs to happen given the prevalence of digital services in payments and banking, as well as the increasing demand from consumers for more bespoke and comprehensive services. If banks are quick to put plans in place, then the payoff will quickly be realised in terms of money saved and improved customer service.
