PSD2 & eIDAS: Are social networking platforms replacing banks?

"Banks aren’t places to store money anymore, banks are places to store data". This was the statement made by David Birch at the 2017 ISSE Conference in Brussels.

David is an internationally-recognized thought leader in digital identity and digital money. 

As per David, social networks and tech giants like Amazon, Google, Facebook, Microsoft and Apple will be competing with banks head-on for banking customers and reshaping the financial industry (probably more so than even FinTech start-ups). Their efforts will be boosted by having access to banking APIs, thanks to directives like PSD2, which will allow them to offer certain banking services directly to their customers via their own platforms.

We have already discussed how PSD2 and open banking is likely to affect traditional banks in greater detail (see "PSD2 and the new challengers to dethrone the banks" and"PSD2: The business angle - Risk and rewards").

PSD2 essentially allows non-banks to plug into the core banking systems of existing banks and offer banking services via their platforms. This will allow, for example, a company like Facebook to simply add a "pay" button next to a friend's name on your timeline. You can then directly transfer money without bothering to feed in their banking details, etc. You might also be able to pay small tips to content producers directly on a platform like YouTube simply by pressing a new button next to the like button. These are just some possibilities that may soon be on offer on your favorite social network or content platform.

Given how easy and intuitive all of this is going be, do we really need traditional banks anymore?

It's all about competitive advantages!

Social networks and tech companies base their revenue models on mountains of data that they collect on client preferences and habits. They have access to a lot of behavioral data – but is it enough to become a full-fledged bank?

Banks still have a few key advantages. Having a massive infrastructure and expertise to meet all the regulatory conditions is one of them, and having access to large amounts of personal data, customer data, and contacts is another. Tech giants might have a certain advantage in usability and keeping customers engaged on their platforms, but they don't have the intricate control systems that banking requires. 

For example, banks have access to things like ISA documents (Identity, Signature and Addresses), lifetime credit histories of customers, risk-based pricing models based on hundreds of parameters and decades of data, and aggregated consumer spending data based on a vast network of bank accounts and debit & credit cards. They also have the framework in place to perform detailed checks of their customers against worldwide databases to prevent money laundering, terror financing, and checks against sanctions and restrictions imposed by various agencies in various countries – right from the UN to the IRS.

So the question really becomes this - is it easier for tech companies to build a massive banking services backbone, complete with compliance, risk management, and regulatory expertise OR is it easier for banks to keep their customer base happy by providing them increasingly easier methods to transact? The ideal situation, like almost always, might be to meet somewhere in the middle. Banks provide the transactional backbone and their risk management expertise, while the tech companies provide the front end.

And this is where regulations like PSD2 and eIDAS come into play. PSD2 provides the mechanism for integrating these two worlds, while eIDAS allows for the adoption and standardization of best practices in digital identification and signatures. It ensures that financial transactions are safe for all parties involved, including traditional institutions, technology giants, and new FinTec startups.

References and Further Reading

• PSD2 Directive - DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (2015), by the European Parliament and the Council of the European Union.

• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
• Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
• Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
• Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority

 Image: Photograph of a TV screen with Gunsmoke playing, courtesy of simpleinsomnia, Flickr (CC BY 2.0)