Succeeding with PSD3 by learning from PSD2

Different approaches to PSD2

When PSD2 came into force in 2016, there were different reactions. A common one was to think that it was very expensive and only necessary for compliance reasons. It’s fair to say that some banks considered PSD2 only as a burden. It’s also true that PSD2 was a handful (or two!) for banks to implement.

It has not always been a smooth ride, but in Nordea we also saw the regulation and the technology shift that came with it as a commercial opportunity. In fact, we had already started to build our API platform in 2015, before PSD2 came into force in 2016. Since we were building an API platform anyway, we didn’t consider it a burden to comply with the PSD2 regulation. Our thinking was that the solutions we build for compliance are reusable as commercial products as well.

We assumed that corporate customers don’t necessarily want to work with fintech companies as middlemen. Instead, they put more trust in traditional banks. Considering our corporate customers’ strong interest in our commercial APIs, this assumption has proven to be correct. To this day, the ability to focus on both compliance and commercialisation at the same time is something that makes Open Banking in Nordea special.

What to expect from PSD3

It’s no secret that PSD2 is complex and sometimes difficult to define. The evidence speaks for itself: Between 2016 and 2022, the European Banking Authority (EBA) released 6 technical standards, 8 sets of guidelines, 8 opinions and more than 200 Q&As.

So what can be expected from PSD3? Based on our long PSD2 experience and our close interactions with third-party providers, we acknowledge that there are areas that are not working as PSD2 intended and should be adjusted. Replies to the European Commission’s call for advice around the PSD2 review to a large extent confirm our view of the situation.

Based on this, I predict that while PSD3 will not, in the words of the European Commission, be "a revolution but an evolution”, it will still mean substantial implementation for banks. Extensive development will likely be needed to live up to the new PSD3 requirements during the coming years.

For this reason, I think a good advice to all those impacted by PSD3 is to start the implementation as soon as possible, even when the legislation is still at the proposal level. Starting early is one of our main learnings from the PDS2 implementation. If we could turn back time, we would have started even earlier. However, there is a balance to consider. Starting early is, of course, best in terms of meeting deadlines, but it does come with the risk that you might need to re-do or change implementations, when the regulator provides clarifications later in the process.

From our analysis and from listening to different players in the market, I predict some areas that could be “evolutionised” to achieve what the regulator originally intended. For example, I wouldn’t be surprised if PSD3 introduces changes in how the SCA (Strong Customer Authentication) is used when the customer is authorising access to third parties. While this is something that banks are responsible for today, the new regulation could transfer this responsibility, partially or fully, to the third parties, so they can provide more of an end-to-end user experience for the customers.

It is also likely that the current Account Information Service would need to be enriched by other or more data, such as more account products and richer payments-related data. Areas such as consent and authentication have all along been some of the most challenging to solve in a customer-friendly way. PSD3 will likely require banks to introduce consent dashboards and the market to strengthen the authentication requirements.

Our Open Banking philosophy

Since the start, our aim has been to be one of the leading API platform providers in the financial sector. Considering our top placement in the Innopay Open Banking monitor, we have reached that goal. We put a lot of effort into our high-standard developer portal, and we run a 24/7 business operation to maintain high quality and to be the first ones to offer new features.

Our guiding star is that we develop for our customers, not for third parties. When you think about it, the PSDs are actually embedded banking – functionality distributed in someone else’s channel, serving the customer. PSD is all for the customers and their freedom of choice, but it doesn’t really matter what channel they use because it is still our product.

Some fintechs may have flashy interfaces, but the real value is in the service the customers get, not in the interface. For Nordea it is important to serve the customer where and when the need for a financial service arises, be it through our own channels, a fintech app or a system vendor. Behind the scenes, we provide a well-functioning service to meet the customer’s needs.

The future beyond PSD3

To keep our position into the future, my ambition is to be faster and better than our competitors. We want to provide wide coverage and a broad offering to be able to meet our customers’ expectations. With the upcoming Open Finance legislation, APIs will expand to more financial services, and it will be possible for third parties to reach the more profitable banking products, with many new interesting use cases emerging. The key driver for this change is the regulation. Just as with PSD2 and PSD3, banks should identify and grasp the commercial opportunities that come with it.

PSD3, Open Finance, Open Data… No matter what the future brings, my ambition for Nordea Open Banking is that we stay a frontrunner, as we believe so firmly in the API concept.