Datum: 26 november 2020
Locatie: Webinar Fintech meets the regulator
Spreker: Inge van Dijk
I am glad I have the opportunity to speak to you all today. Online, obviously. But the pandemic has forced us all to think of creative solutions to all sorts of problems. And that is something we have managed to do quite well, so far. But thinking of creative solutions is nothing new for you.
We have a mixed crowd here today. Payment services fintechs, start-ups and banks of all shapes and sizes. I imagine for some of you, contact with a central bank and regulator may feel like a culture shock. Like two different worlds. I know the feeling all too well. In fact, I come from the fintech world. I only started working here at De Nederlandsche Bank a few months ago. But my experiences so far have taught me that it is possible to bring these two worlds together. To gain a common understanding. And that is exactly the purpose of meetings like this.
So let’s get started.
As you know, the pace of innovation is accelerating. And this is certainly true in the payments market. Just think about all the different new payment methods. Instant payments, contactless payments, QR code payments, mobile payments. I sometimes wonder whether the next generation of children will even know what a banknote is.
There are three key drivers behind innovation. Technological development, changing consumer preferences and new regulation.
PSD2 is of course an example of the latter. I would like to briefly consider what PSD2 has brought us. Where is the room for improvement? And what lessons can we learn from it for the next step in European payments regulation?
In the Netherlands, more and more payment service providers are using the opportunities PSD2 has to offer. As PSD2 facilitates access to payment accounts with banks, these businesses can provide payment initiation and account information services. However, The supply and uptake of these services has so far been a bit tentative. One of the reasons for this is that many consumers are still reluctant to share payment data with third parties. I will come back to this later.
Let me give you a few figures to outline the current situation. In the Netherlands, we have now granted licences to 18 operators. This number also includes parties who have had their licences expanded so they can also provide services under PSD2. In addition, there are 14 pending licence applications. Moreover, almost all banks now also offer account information services to their own clients. One hundred and forty payment service providers with a licence in another EU Member State have been granted passporting rights to provide these new services in the Netherlands as well. All in all, however, the PSD2 market is still in its infancy.
The new PSD2 service providers have a wide range of business models. They range from personal finance management tools; to micro-investment platforms; to automated invoicing and accounting for small businesses; to payment platforms; and even to creditworthiness assessments of consumers and businesses.
Banks have an obligation under PSD2 to grant licensed third parties access to payment accounts. However, it is still not easy for these parties to enter the market. A key reason for this is that banks use different standards for their Application Program Interfaces. These APIs are the 'gateways' they have to create to give the new parties secure access to customers' payment accounts. As a result, these parties incur additional costs. There are already many different APIs within the Netherlands, but an even wider range in Europe. This makes passporting complex for new service providers. If we want to make it easier for new payment service providers to roll out their services, we have to set standards to make APIs more uniform. That’s not easy, but at DNB we are calling on the European Banking Authority to push for this to happen. It will take some time before it does, but fortunately there will always be innovators to jump in and fill the gaps until then.
There has not been much progress under PSD2 in terms of data sharing. However, development towards Open Banking and Open Data is becoming increasingly important. The economic potential of the free use of data for the innovation of products, services and processes is enormous. This applies not only to payment data, but also to other financial data such as investment information, personal loans and mortgages. It also applies to non-financial data, such as telecoms data, energy consumption data, location data and so on. Innovative market parties can offer new financial services that are better tailored to consumers by making smart use of their data – provided they always give their explicit consent first. They can also make better risk assessments so that services can be priced better.
That is why I am so pleased with the Digital Finance Package that the European Commission published at the end of last month. That package consists of several pieces of legislation that can give a real boost to innovation. For example, the Commission has announced it will present a legislative proposal on regulating Open Finance and Open Data in mid-2022. Just as with PSD2, the person concerned must still retain control of any of their shared data. This data will be shared with a third party only after the explicit consent of the person concerned. An example of innovation as a result of Open Finance is that it enables further improvement of personal finance management tools. This is because, in addition to payment data, data on savings, investments, mortgages, pensions, etcetera can now also be used.
Our experiences with PSD2 offer us the opportunity to draw lessons for more far-reaching forms of Open Finance and Open Data.
A first lesson is that customers must have sufficient confidence in the parties wanting to use their data. Research we have done at DNB demonstrates this. In the first year that PSD2 was in force, one in four customers in the Netherlands gave consent for their payment data to be used to provide PSD2-related services. In moost cases they gave their consent to banks. Even today, willingness to give consent to use payment data in exchange for new services remains limited. Half of customers say they only want to share this data with their own banks, while an even smaller proportion are open to sharing payment data with non-banks. The main reason is a lack of confidence that the data will be used securely.
The second lesson is that organisations that have data should share it with other businesses in a uniform and efficient manner. With PSD2, the market is already moving cautiously towards more standardisation. But the approach could be made more effective. On introducing Open Finance, one consideration could be to offer the businesses sharing the data the opportunity to charge a price for it. This is not currently the case with PSD2. It will encourage more third-party access, because the businesses itself will then also have a financial interest in facilitating access. There is also an incentive to continue investing in the access infrastructure. And if businesses sharing data can charge third parties a fee for this, then there is a clearer justification for passing these costs on to the customers of those third parties. This is one aspect we should consider.
The third lesson is the need for more intensive cooperation between regulators and supervisors at national and European level. This is important to properly balance the different public interests involved in data sharing, and to coordinate regulation and supervision. As far as PSD2 is concerned, there is room for improvement at European level. In the Netherlands, the four most important supervisory authorities are De Nederlandsche Bank, the Dutch Data Protection Authority, the Authority for the Financial Markets and the Authority for Consumers and Markets. These four already have regular consultations through the PSD2 Task Force, mainly on supervisory interfaces. Such intensive cooperation could also be promoted at the European level, in the context of PSD2, but also in connection with the new regulations on Open Finance and Open Data.
As I said, citizens' and businesses' trust in security is important in order to maintain confidence in digital payments and in data sharing. Take the recent wave of spoofing, where cybercriminals pose as banks in order to obtain account details and steal funds. This undermines confidence in payment transactions. Supervisors, market operators and the government must join forces to address spoofing. And I would happily challenge you to help us think of a solution to this problem.
Trust is also built on good cyber security. In this regard, I look forward with interest to DORA. DORA stands for the Digital Operational Resilience Act and is part of the European Commission Digital Finance Package I mentioned. The Commission intends to use DORA to regulate a number of matters. For example, large financial institutions will be obliged to carry out advanced hacking tests. DNB already allows institutions in the TIBER-NL programme to do this, but it is still on a voluntary basis. In addition, there will be enhanced supervision of ICT outsourcing at financial institutions. This will mainly be achieved by tightening outsourcing rules. Finally, third parties critical to the functioning of large financial institutions will also be placed under some form of supervision. Take for example major firms that offer cloud computing services.
I wholeheartedly support these developments. Central banks should monitor each link in the payment chain where potentially major risks can arise. And they should also be able to provide guidance and instruction where necessary.
Another part of the Digital Finance Package which I fully support is the Retail Payments Strategy. In this strategy, the Commission states that it is striving for the wide use of instant payments at European level, which is already implemented in more widely in the than in other Member States. The strategy also outlines the creation of pan-European payment solutions -originating in Europe - that can be used both at physical points of sale, and online. Take the European Payments Initiative (EPI), which will reduce Europe's dependence on large global - non-European - card schemes, and on bigtechs.
This might come as a surprise to you, but central banks are also capable of innovation! So for example, we and several other national central banks in the Eurosystem are working together with the ECB on experiments to create a digital euro. We see opportunities for a digital euro as a complement to cash. To make sure public money in the Netherlands remains accessible in the future too. This is even more so the case, now that cash use is decreasing rapidly, especially in our country. it is key that a public form of money remains available. After all, interchangeability between private and public money is important for confidence in - and therefore the resilience of - our monetary system. At DNB, we have announced our intention to play a pioneering role with regard to the digital euro. We have already started developing various options for its design. In mid-2021, the Eurosystem will decide whether to launch a digital euro project across the Europe, partly on the basis of the results of the public consultation and the planned experiments. It is evident that private parties will play a larger role in bring the digital euro to the market. This is not possible without market operators, without all of you.
Digitisation of payment transactions, the decline in cash, 24/7 instant payments, the rise of digital currencies. Developments are taking place at lightning speed and sometimes reflect recent developments in mobile technology. Could our paper money go the same way as the old telephone with the rotary dial? For the time being, as you know, we need to make sure cash doesn’t disappear any time soon. This means vulnerable groups, such as the elderly and disabled, will be able to continue to make payments like everybody else. And we always need to have a fall-back option in the event of large-scale disruption to the electronic payments systems. But we know that change is constant, so we can be sure that, eventually, innovative solutions will be found to address these needs.
Whatever the next few years may bring us, at DNB we believe in innovation. It enables cheaper, faster and safer services, stimulates competition and improves accessibility, which benefits the public. As a central bank and regulator, we therefore want to create as much room as possible for innovation. All this, of course, on condition that payments remain safe, efficient, reliable and accessible. And that financial stability is guaranteed. That is what you, as market operators, can count on. And I, for my part, hope and expect we can count on your help in this mission.