PSD2 and Open Banking Resolutions for the New Year

The new year means new regulations and new resolutions for financial services organizations! The long awaited implementation date for the Revised Payments Services Directive (PSD2) and Open Banking is in just a few days – January 13th. This means that banks in the European Union as well as the United Kingdom will now have to comply with regulations that are designed to promote innovation, enhance consumer protection and increase competition in the financial services industry. The requirements include:

  • Opening up customer data to approved third parties like fintechs and competing banks via secure application programming interfaces (APIs)
    • More specifically, enabling payment initiation service providers (direct payments), account information service providers (account aggregation), and account servicing payment service providers (account servicing) to access customer data via secure APIs
  • Gaining explicit customer consent before initiating transactions like data sharing or payments
  • Implementing strong customer authentication methods like biometrics for secure access
  • Accomplishing all of this using standards

Digital identity is at the heart of all of this. In order to build trusted customer relationships when sharing personal data with these third parties, you need a modern, scalable identity infrastructure that prioritizes customer privacy and consent. Opening previously proprietary customer data to secure ecosystems will drive innovation and lead to the creation of new apps and services around personal financial management. Consumers will be able to aggregate bank account information across many banks, power direct payments from retailers to bank accounts, and much more. Competition will increase as fintechs, challenger banks, and even retailers and tech companies elbow their way into the market, empowered by this regulated access to customer data. Instead of being swept away by the tide of PSD2 or Open Banking, it’s time for banks to stand on the firm foundation of the investments already made in KYC processes and robust security. In 2018, banks should resolve to evolve their customer-centric strategy to address this new regulatory reality, using identity to create seamless, secure omnichannel user experiences. For more information on how identity and ForgeRock can help you to make PSD2 and Open Banking a catalyst for growth, check out this infographic.

Want an idea of just how well the ForgeRock Identity Platform works for financial services? We were recently selected by the Open Banking Implementation Entity to provide the Reference Bank Application that registered parties involved in the ecosystem will be using to test their Open Banking functionality. It’s a testament to the flexibility and innovation of the ForgeRock Identity Platform. Our expertise in applying rock solid standards and protocols to deliver fit for purpose protection for valuable customer data is part of how we’re solving serious technical challenges for financial services organizations around the world.

There’s a reason why major banks like HSBC have chosen ForgeRock as their digital identity platform of choice: they need a unified, standards based platform that can not only address current challenges, but adapt to solve future ones as well. When you consider the significant impact of PSD2 and Open Banking and then the impending European Union General Data Protection Regulation (GDPR) on your business, you ‘re facing several serious regulatory hurdles that all involve identity as a way to manage privacy and customer consent. The dynamic nature of capturing consent means you need a powerful digital identity platform to do so. As you plan for the year ahead, resolve not only to be ready for the deadlines of today, but to build an identity-enabled infrastructure to address the requirements of tomorrow as well.

To learn more about our PSD2 and Open Banking solutions, read the white paper of visit our financial services solutions page.

You can find more information about identity and GDPR here.