Illustration of how North American banks can achieve open banking compliance in six months

This is the second post in our series on Open Banking compliance in North America. As I discussed in our last post, recent events indicate that North American banks should prepare for Open Banking regulations in the coming months and years. Here’s what banks need to know to achieve Open Banking compliance in a short span of time.

How PSD2 Changed the EU’s Banking Landscape

US financial institutions can benefit from the experience their EU counterparts went through to become PSD2 compliant. The European Union’s Second Payment Services Directive (PSD2) was built on two core concepts:

  • Increase Market Competition: The first component was to promote greater competition in the EU’s financial services market by making it easier for customers to share their data with banks, FinTechs, and third-party providers (TPPs) using application programming interfaces (APIs).
  • Strong Customer Authentication (SCA): The second concept introduced enhanced security requirements for electronic payments through strong customer authentication, using methods such as multi-factor authentication (MFA), biometric authentication, or a password or PIN. SCA relies on having any two of the following three factors:
    • Knowledge – things the user knows like a password or PIN;
    • Possession – something unique the user has access to, like a mobile device; and
    • Inherence – something unique about them like a fingerprint or facial pattern.

Outline of 3 factors needed for strong customer authentication (SCA) - knowledge, possession, and inherence

I recall how the reaction to PSD2’s requirements at many UK and EU banks was one of trepidation and anxiety. Bear in mind, financial markets worldwide were still adjusting to an earlier round of regulations that followed the 2008-2009 economic downturn. After going to great lengths to ensure the bank met the minimum capital requirements to prevent another crash, EU and UK banks were also required to share customer data with potential competitors.

PSD2’s 3 Biggest Lessons from EU Banks

US financial institutions can benefit from what their EU counterparts learned in becoming PSD2 compliant.

Below are three insights from Feedzai’s collective experience in becoming PSD2 compliant as both a bank and a solution provider:

  • Customers hold banks liable for data breaches. PSD2 raised new questions over where customers would place the burden of liability for data breaches and fraud – and how to educate customers about how to handle their data. A notable concern was whether or not customers would blame their banks even if data breaches did not occur on any of the bank’s platforms.
  • Open Banking disrupts customer experiences. EU and UK banks had to interpret the new rules of PSD2 and implement solutions that delivered consistent customer experiences. For example, if some banks required passwords or PINs for their SCA and others required biometrics or facial recognition, there could be inconsistencies across the market. Therefore, it was key that FIs considered how to balance customer experience and regulatory compliance. A great example of this was the wide-scale adoption of push notifications to leverage the trust built into native mobile banking applications.
  • Open banking increases competition and opportunity. With data moving more freely between organizations, banks faced a more competitive market both from legacy FIs and newer FinTech players that could entice customers with tech-savvy offerings. At the same time, banks realized they could also use customer data to poach customers from competitors. In this sense, banks were both poachers and gamekeepers in the PSD2 landscape.

A Guide to Becoming Open Banking Compliant in Less Than 6 Months

Although PSD2 was a disruptive event (as many regulator-first initiatives are), there was a sense of excitement at my old employer over the opportunities that it created. That’s because PSD2 pressured banks like mine to deliver a truly customer-centric proposition. Working with Feedzai, my bank realized we couldn’t solve just a single problem. Instead, we needed a platform approach so that we could easily pivot to address new PSD2 challenges. 

Here’s how Feedzai makes it possible to become PSD2-compliant in a short span of time.

Implement a Customer-Centric Fraud Prevention Strategy

If we tried to solve a specific Open Banking fraud problem, we couldn’t easily pivot to address fraud on traditional banking channels and vice versa. After all, data transmitted via an Open Banking channel could come back in a cards or transfers channel. Instead, we had to create a truly customer-centric fraud prevention system that addressed fraud on whichever banking channel the customer used.

Use Cloud-Based Deployment with Legacy Banking Systems

Determining whether we should invest additional resources in our existing legacy banking system was the biggest obstacle to delivering a customer-first fraud prevention strategy. Investing in cloud technology that enabled faster deployment instead of adding to our existing legacy stack made the most sense. Digital innovation was already on our roadmap at the time, and Open Banking regulations gave us the motivation we needed to move forward with our investment goals.

Embrace AI and Machine Learning

The Open Banking compliance challenge required banks to deliver real-time updated models into production to prevent fraud across multiple banking channels. This made the implementation of artificial intelligence and machine learning technology a necessity that enabled our bank to outperform its legacy system.

Being able to hit all three of the key targets listed here (embracing a customer-centric fraud prevention strategy, investing in cloud, and embracing AI and machine learning) with a single platform was a key goal for us. As they address their own Open Banking priorities, US and Canadian FIs should determine their own best path forward. Bear in mind that digital banking technology has evolved since the days of PSD2. North American FIs should define what success is as they pursue their own priorities. It also helps to talk to those with experience adjusting to Open Banking compliance realities, like EU and UK counterparts.

Today, European banks are well-positioned to process a significant share of open banking payments in the coming years. A recent report projects European banks are on track to serve 75% of global open banking payment users by 2026 while the share of North American banks will be just 9%. The same report estimates the value of open banking payments will reach $116 billion by 2026.

Open Banking regulations promise to bring significant changes to the North American banking landscape. Fortunately, these banks don’t have to go down this journey alone. Banks in the EU and UK have already blazed a trail. With the right partners, North American banks can meet their own Open Banking compliance obligations in less than six months.
