PSD2 ‘in jeopardy’ over poor quality bank APIs

With the second Payment Services Directive (PSD2) Regulatory Technical Standards (RTS) deadline approaching on 14 September, new analysis has revealed that European banks have so far failed to provide the proper technology environment for third party providers (TPPs) to access payments data as required by the new law.

Swedish Open Banking platform Tink attempted to integrate 84 Application Programming Interfaces (APIs) representing 2,500 banks across 12 markets in Europe, which cover 90 per cent of the population in each market surveyed.

European banks were mandated to make their production APIs available by 14 June - three months before the final RTS deadline. Tink’s analysis showed that while 69 per cent of the APIs were available by that date, not a single API was found to be of sufficient quality to have met the required regulatory standards for integration.

Banks are welcoming feedback on the quality of their APIs and are showing willingness to improve, but the lack of the expected seamless transition from the sandbox environment from pre-14 June risks derailing the vision of PSD2, according to Tink.

In order to ensure a continued service to end users from September, third party providers will now need to rely on contingency methods stipulated by PSD2.

However, Tink noted there is a risk that banks could be let off the hook from providing these fallbacks – and provided an exemption on the basis of having made their APIs available, regardless of the quality.

Tomas Prochazka, vice president of product at Tink, called on regulators to enforce an extended transition period after the September deadline to allow banks more time to get the APIs up to standard, and for TPPs to make the necessary transition.

“While efforts from both sides are being made to make the deadline work, TPPs all over Europe are being left in the dark,” he stated. “Unanswered questions - such as who will be granted an exemption from providing a fallback method and when these exemptions will be issued - mean they are faced with a suboptimal working environment.”

In April, the European Banking Authority (EBA) published a series of clarifications to issues raised by its joint working group on APIs, as well as the provision of a list of TPPs that are interested in testing.

Last month, the Financial Conduct Authority (FCA) responded to the EBA's opinion on Strong Customer Authentication (SCA), agreeing that some firms will be given extra time to implement the rules.

Key industry questions about which authentication factors comply with the requirements for SCA had been taken into consideration ahead of the September deadline.

    Share Story:

Recent Stories


Meet Evelyn, your Economic Sanctions/PEP/Adverse Media Alert Adjudication Analyst
Meet Evelyn, an Economic Sanctions/PEP/Adverse Media Alert Adjudication Analyst, who uses native AI/ML capabilities to automate the Customer/PEP screening and Negative News screening alert adjudication processes for leading BFS organizations with greater speed, accuracy, and consistency than human analysts.

New Business Frontiers
FStech’s Mark Evans discusses the future of financial services with Liu Jianning of Huawei, covering the limitations that current thinking can impose, how financial institutions can embrace technology to be both agile and resilient, and making space for the organisation to focus on the job of creating innovative business models and on delivering business value for their customers.

The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.