The Open Banking Interviews: Reinout Temmerman, Payments Advisor, National Bank of Belgium
No PSD2 without a regulator. That is why we are very glad that we were able to convince Reinout Temmerman of the National Bank of Belgium to join us for the Open Banking Interviews. This interview has a slightly different dynamic compared to the other, but it is definitely as interesting!
Part IX of The Open Banking Interviews (see part VIII, with Fanny Solano, Head of Digital, Retail and Markets Regulation, CaixaBank).
It’s our first interview with a regulator. Could you share your view on the changing market? Are banks, fintechs and consumers ready for September 14th?
There are challenges ahead, also after the 14th of September. We see challenges at a pan-European level from a regulatory point of view from the entering into force of the strong customer authentication rules and this specifically for the cards industry as concerns e-commerce. I refer also to the EBA Opinion released in June in this regard. We have seen recently in the UK, France, Ireland, Italy and the Netherlands, PSD2 authorities releasing public statements with regard to supervisory flexibility and enforcement of SCA (Strong Customer Authentication) for certain use cases. At the Belgian level, we are certainly closely monitoring that situation.
On the other hand, for PSD2 and Open Banking within the limits of PSD2, I think the 14th of September is just the beginning. We’ve seen the overwhelming majority of Belgian banks move to API-based PSD2 ‘Open Banking’ solutions.
As we know, however, APIs are never truly finished. There will always be new versions of these APIs, and I think the real test for APIs is going to be in their actual use by third parties and by consumers using TPP services. Just as the proof of the pudding is in the eating, based on the eating of the pudding we may have to tweak the recipe there as a regulator.
Do you see a lot of eating in the pudding today? Do third parties show a lot of interest in this new regulation?
Yes, we do see quite a bit of interest by the third parties in this regulation. Last year, we chose to set up a fintech contact point together with the FSMA. It has proven to be very useful for the industry, we serve quite a few start-ups, existing companies, ….
Or course, they vary in maturity of product development, but I think personally we are just beginning to see the tip of the iceberg in terms of business models that could be possible to develop under PSD2 and Open Banking.
PSD2 has been a very long process. The issues related to strong customer authentication, to what you referred to earlier, seem to extend this even a little more; on the other hand, you have the innovators that wish to speed up things. How do you look towards this tension?
I think it’s important to keep in mind that PSD2 is not responsible for inventing TPP services. TPP services have been around for many years. PSD2 is limited in scope of course to payment accounts, but it has given TPP services a legal base and has essentially forced an ASPSP, mainly banks, to allow access to a third party, i.e. to allow a beginning of Open Banking on a no-contract basis.
On the other side of the coin, it has regulated existing and new TPPs for business models that used not to be regulated.
Generally, it has to be taken into account that law tends to follow innovation. I don’t think the fact that it takes quite a bit of time to regulate something necessarily hampers innovation as such. Innovation comes first and then we need to see which innovations require regulation and which ones don’t.
Let’s continue on that track. I see PSD2 as a starting point of a whole new journey, the one of Open Banking, which goes far beyond PSD2 and payments. I call it the journey to everywhere banking. How do you look at this? Are we moving to a completely different way of banking according to you?
I think phrasing that would require a crystal ball [laughs]. I think one could argue that PSD2 sets the tone on the European level and could be seen as the first step towards that sort of Open Banking.
It’s very clear to the regulatory side what the steps are Open Banking has been taking and I don’t think we’ll be marching back on those already taken. On a national level, our job as a regulator is to enforce the laws for which we are currently responsible and to ensure that there is a level playing field that continues to exist between all parties.
We need to also reconsider the idea of a small start-up non-bank TPP vs a large bank. I think the main TPP activity in this country in the foreseeable future is going to be coming from large banks: they have the scalability, they have the IT to roll this out, and they have an established customer base with their trust.
For the National Bank, it must have been challenging to adapt to the new way of banking. How to you as a regulator keep up with innovation these days?
Well, next year we’ll be a 170-year-old start-up so we’re doing fine, we have been in the game for quite a long time [laughing].
All jokes aside: we are the prudential regulator for banks, insurance companies, as well as for payment and e-money institutions.
We are on the one hand in close contact with these institutions, therefore we know what they are dealing with. Recently we have published a report on how we see the challenges of digitalisation and fintech play out for the Belgian banking industry.
On the other hand, we are also closely involved in international innovation following work. Belgium is not an island, we are following on what’s being done on European or even higher level: the ECB in Frankfurt, the European Banking Authority in Paris, the BIS, the World Bank, the IMF, … That’s how we keep up.
The CEO of bunq recently in the Open Banking interviews: “By opening up, I don’t mean being regulated, money has a special place in society so it needs to be regulated. I just think we should change the strategy towards where regulation is going allowing for innovation to happen and creativity to happen while keeping everybody safe.” He was referring to the fact that regulators are often going too slow. Do you want to comment on this?
Not necessarily vis-à-vis Mr. Niknam, but I think regulation on this topic should first of all be thought about and created at a pan-European level. Today with PSD2 we are imposing an important and big piece of regulation to the industry.
It will take a while to digest, for small institutions as well as for bigger banks. Once it’s implemented and the dust has settled a little bit, we can assess whether this regulation needs tweaking or whether we need a new sort of PSD2, maybe even without the “P” being a prerequisite. That is a policy discussion to be held at the appropriate European level.
I think PSD2 has a good balance in opening up, while at the same time regulating the TPP industry. Rights TPPs (including banks) obtain in PSD2 come with obligations.
I think that is exactly perhaps the point of Mr. Niknam: regulating the TPP, so a small start-up can potentially get access to a lot of data — and since this is financial data and therefore not like any other data, this needs to be regulated precisely. I think PSD2 struck a good balance. Time will tell.
Then we have our lasts question: next-level Open Banking: what do you see as key trends for 2020 and beyond?
I think we all need to be careful with predictions, and I need to be even more so, given that I am not in the commercial industry. For consumers, I’m convinced that, on the one hand, you’ll have business models of TPPs (banks and non-banks) that will offer better user experience and bring added value. And I think it’s going to be even more exciting once we have instant payments rolled out in Europe and Belgium as well.
On the other hand, I don’t see this as a zero-sum game versus the cards industry. Tokenization and the benefits that it brings to the cards industry is a powerful tool with which to differentiate in e-commerce with TPPs using SCT.
As a national regulator, we focus in 2020 on ensuring that PSD2 and specifically its key piece of regulation, the Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and common and secure communication (‘Open Banking’) gets implemented correctly by all parties in the industry, and that the level playing field is maintained.