2018 will probably be the year in which the bank's business model is really put to the test. The forthcoming implementation of the Revised Payment Service Directive (PSD2) means that banks no longer have exclusive rights to transaction and information services for their customers. This will allow new companies to enter the competition and compete to offer the best customer experience.
PSD2
The payment directive that threatens the bank's business model
By Carl Christian Ellingsen, Knowit Experience consultant
Fact box:
Background for the regulation
The EU directive seeks to stimulate increased cross-border trade, and therefore sees the need to facilitate increased competition in the payment services market. PSD2 aims to promote innovation, enhance the security of online payments and account access, as well as improve cooperation opportunities between players within the EU/EEA. The requirements for security and interaction of electronic services were adopted 13 January this year and will have an establishment period of 18 months. The Berlin Group is currently developing what appears to be the most promising standardization initiative in the EU, and the first launch of the interface specification was published on 8 February this year. The EU Directive also opens up for national adaptations, which requires that a Norwegian model be prepared and adopted by the Norwegian Parliament. These requirements will probably not be fully regulated until the last half of 2019.
New players enter the market
PSD2 allows both private individuals and businesses to gain access to third party players (TPPs) to control and provide access to their financial values. In practice, this means that we as consumers can choose to use bank services that are no longer offered by a bank. For example, we may use Google to pay for various services, while using an aggregator application such as the Swedish service Tink to get a full overview of all the assets we hold, all while ensuring favourable savings and borrowing interest rates. Together, this leads to the banks being forced to change their business models so as not to lose their foothold with customers and thereby miss important revenue streams.
Vipps, Swish and Tink are the new vine
Two new categories of players will arise for the most part as a result of the new payment directive: PISP and AISP. Payment Initiation Service Providers (PISP) are payment service providers that initiate payments on behalf of the user. Norwegian VIPPS and Swedish Swish are both examples of this. In the long run, we may see more competition with VIPPS by both Norwegian and international players, who are all trying to reach the customer during the actual payment process.
"Banks are forced to change their business models so as not to lose their foothold with customers and thereby miss important revenue streams."
Account Information Service Providers (AISP) provide account information services that aim to provide the customer with a comprehensive overview of financial values across all banks and analyse customer behaviour, in order to offer specific solutions to customer needs. Swedish Tink provides customers with a complete overview of all their different bank accounts and offers free the transfer of both savings and loans to the bank that offers the best terms. As soon as the Norwegian regulations come into force, there is a excellent chance that companies like Tink will enter the Norwegian market and offer such services. AISP players will remove direct contact between the customer and the bank, thus pose a threat to banks who themselves want close customer contact to create customer loyalty.

Innovation versus risk
Despite the fact that Norwegian regulations have not yet been established, some banks choose to adapt to the future by opening their interfaces to third parties interested in building financial services on top of the bank's existing infrastructure. Sbanken was the first to let customers develop their own banking services through open APIs, thus taking a standpoint as to how they choose to adapt to future regulations. Most other Norwegian banks have a good service catalogue with available APIs.
"AISP players will remove direct contact between the customer and the bank, thus pose a threat to banks who themselves want
close customer contact to create customer loyalty."
Open APIs provide the foundation for innovation, but also increase operational risk by also allowing third parties access to customer data that previously only the bank had access to. Customer authentication and clear communication between banks and third parties are crucial for maintaining security, while at the same time the sharing of responsibility between the players needs to be determined. The EU directive has not provided detailed provisions here, but the European Banking Authority (EBA) is currently working on technical standards (RTS), which will eventually be adopted by the EU. There has been frustration previously with the absence of standards, and some banks are afraid that they will be very exposed to changes within the industry when the regulations first take place.
The battle over customers
Competition has never been tougher for "customer touchpoints" and secure customer data. Banks will have to enter into partnerships that strengthen their position as suppliers of future banking services. They can no longer focus on transactions and liquidity management but will have to take a deep dive into the customer journey. The customer data currently owned by banks is likely to be their biggest competitive edge when facing off with new competitors. Banks have always had a monopoly regarding transaction data on and communication with their own customers. PSD2 will remove this competitive advantage soon, and it is important that banks have a clear strategy on how to adapt to this change. As soon as PSD2 is implemented, the degree of transparency will increase when it comes to the pricing of products and services. This will probably increase price competition. Automation processes that continually shift savings and loans among banks will further increase price competition, which will require banks to evaluate their strategic positioning in order not to end up in the middle and not be able to deliver on price or quality.
"Banks can no longer focus on transactions and liquidity management, but will have to take a deep dive into the customer journey."
Nordic banks with a good starting point
Despite the fact that PSD2 opens up for more competition in the banking market, it also has great opportunities. Nordic banks are among the most digitally advanced in Europe, while also being trusted by their customers. Banking services are not just about technology and user friendliness but also about trust. If third party players fail to win the customers' trust, there is a excellent chance that banks will manage to keep their roles as credible financial players, and that customers will not want to share their data with anyone other than their bank.
DNB has chosen to open up broad ownership in Vipps, thereby creating room for cooperation between Norwegian banks. Vipps dominates the market for P2P transactions and is further strengthened through the recent merger with BankID and BankAxept. The merger of these companies occurs before the implementation of PSD2 and provides a clear signal to foreign players that the Norwegian banking market is ready and prepared. In addition, Norwegian banks, Innovation Norway, Norway's Research Council and SIVA have now joined forces to create Finance Innovation, a Norwegian fintech cluster aimed at strengthening financial services in Norway as well as facilitating the export of these services.
IT responsibilities are transferred to senior management
It is not easy to predict what the next two years will look like. What we see now is that most banks are taking the implications of PSD2 seriously and are going through weighty processes to shake themselves up for a future that has never been so unpredictable. Up to now there has been a large gap between organizational culture and the demand for agile changes in the banking industry. This has to change. Responsibilities that previously existed at IT level must instead be taken to the highest level in the organization to ensure organizational agreement on strategic choices. In order for banks to win the competition for future customers, they will have to look at this regulation as an opportunity to digitize the banking experience and provide services that put the customer's needs at the centre.