Committee on Internal Market and Consumer Protection II (IMCO II)

Knock knock, who’s there? The second Payment Services Directive (PSD2), introduced in 2018, has facilitated financial management for users of open banking systems and increased the popularity of such information-sharing formats. Considering the privacy and security concerns regarding third-party access to financial data, what measures should the EU take to ensure consumer safety whilst promoting innovation in banking technology?


Key terms: Application Programming Interfaces (APIs), Open Banking, Payment Services Directive 2 (PSD2), Payment Service Providers (PSPs), Third Party Payment


by Melisa Çavuş (TR)


1. Background and relevance

With the emergence of new technologies, the banking system is undergoing radical changes as it introduces online payment services and interconnected business models. Thanks to recent developments, customers are now able to pay for goods and services without using banknotes, combine the features of multiple applications, as well as manage bank accounts online. 


As the market demand for personalised services grows, open banking practices that allow third-party access to financial data become more popular among consumers. With a regulated flow of information between service providers, clients now have access to personalised and simplified banking practices, ranging from account management to loan applications. By giving consent to open bank data, clients have the opportunity to combine and analyse financial activity on different applications whilst benefiting from optimised interest rates that are created based on the customer’s financial habits. Furthermore, open banking systems provide better risk assessment for consumers and lenders through the reception of a more accurate overview of financial conditions. 


Although open banking systems promise facilitated account management through external applications, third-party access to financial data may pose security risks and place additional liability on financial institutions. With sensitive information becoming more vulnerable to data breaches due to the increasing interconnectedness of companies, it is more necessary than ever to take precautions that establish financial security without restricting innovation in banking systems.


Given that today's youth were born into a digital and interconnected world where an average consumer has at least five bank accounts, the demand for facilitated account management is inevitable. Considering the rapid progress of new technologies and the reach of financial institutions, the actions we take today in regulating open banking will shape our future interactions with banks and money.





2. Key stakeholders

Open banking systems and their implications for consumer safety are currently regulated by different areas of European law. The matters of competition and trade fall under the exclusive competence of the EU, limiting the legislative power only to the EU, and in particular to the Institutional Triangle. On the other hand, as the executive branch of the EU, the European Commission works cooperatively with Member States regarding the issues of consumer protection and economic cohesion across Europe, which are shared competences. In addition to the Commission, there are other EU institutions which help strengthen the European policy on banking and finance. To begin with, the Directorate-General for Economic and Financial Affairs (DG-ECFIN) coordinates the economic policy within the Union and conducts business forecasts and consumer surveys.


Furthermore, the European System of Financial Supervision (ESFS) ensures the functioning of the single market through harmonised regulations, whilst its sub-body, the European Banking Authority (EBA), observes the banking sector, sets out regulatory standards, and assesses the vulnerability of the system. In addition, Open Banking Europe works under the supervision of the EBA and supports Payment Service Providers (PSPs) and Third Party Providers in meeting the requirements of PSD2.


On a national level, Member States and their National Competent Authorities (NCAs), designated in the PSD2, are responsible for the registration and documentation of all PSPs in a certain country. NCAs monitor the financial performance of the State and its compliance with PSD2 requirements. These institutions also act as a point of contact with other countries and relevant EU bodies. 




3. Challenges and measures in place

Facilitated Financial Management and Privacy Concerns

As established above, open banking requires third-party access to personal information through application programming interfaces (APIs) that act as a bridge between the data pools of financial institutions and service providers.


Although open banking depends on clients’ consent and does not provide third parties with the customers’ account credentials, there are still privacy concerns that limit the confidence of clients and financial institutions in this practice. To begin with, some clients are hesitant to share financial information with other institutions due to the increased risk of identity theft or data breaches. Moreover, some banks are less motivated to adopt open banking as a result of the additional liability to protect customer information against malicious use. As a consequence, these concerns collectively hinder the opportunities of open banking.


To better regulate payment services and data flow among banking stakeholders, the EU adopted its Revised Payment Services Directive (PSD2) in 2018 to strengthen customer authentication for online payments. The Directive also required payment service providers to be licensed, making them responsible for ensuring security and authorisation of transactions. In the case of non-compliance, NCAs reserve the right to impose fines on PSPs as well as revoke their licences. 


In addition, the EU established the General Data Protection Regulation (GDPR), outlining the standards of data collection, processing, and storage within the Union. The GDPR is directly enforceable in all Member States, and allows for a harmonisation of law across the EU. Nevertheless, there are also concerns about the research exemption to GDPR restrictions, intending to facilitate the collection of data for research purposes. Certain professors claim that a broad definition of research might allow app developers and private companies to access personal data more easily.


Increased Market Competition

A UK study conducted in 2016 indicates that older financial institutions no longer compete for clients and market share, whereas newer and smaller banks encounter difficulty with finding resources to grow. Open banking promises to re-energise the financial system by providing small and medium-sized enterprises (SMEs) with the necessary tools to compete with larger banks. With the integration of open bank data into their services, smaller institutions may attract clients thanks to facilitated financial management and better correspondence to the needs of customers. In theory, this increase in market competition may motivate older providers to lower costs, adopt better technology, and improve customer service. As a result, open banking is expected to contribute to the overall improvement of banking services. 


Nonetheless, a competitive financial market may not reach the intended improvement if bigger enterprises choose to consolidate with other firms. Consequently, the financial market might be more concentrated with fewer banks that hold greater shares, hence increasing their influence. Furthermore, data misuse and privacy breaches in a concentrated market may result in even bigger threats as the financial information of more customers would be stored in a single database.


In tackling this issue, the European Commission aims to increase the engagement of SMEs in sustainable and increasingly digitised practices. It proposes to reduce the regulatory burden of standardisation on small companies and provide information on funding. There are also networking initiatives in place that assist the establishment and expansion of small businesses. Examples of said initiatives include the Your Europe Business Portal, which provides interactive guidance to entrepreneurs, the European Cluster Collaboration Platform, which shows the locations of similar organisations, and Erasmus for Young Entrepreneurs, which allows for the cross-border exchange of personnel.


4. Further questions

  • Some researchers claim that the popularity of open banking is closely related to the public opinion on sharing data. In your opinion, what is the public approach to becoming an open banking client? Could there be a spread of misinformation and disinformation regarding privacy concerns associated with this practice?

  • The emergence of open banking practices will likely influence the competition in the market. Seeing that older establishments will need to adopt the PSD2 requirements, what are the different levels of incorporating open banking into the financial ecosystem?

  • In an increasingly competitive market, some financial institutions might consider business mergers to benefit from the expertise and infrastructure of other firms. From an EU-wide perspective, what are the advantages and disadvantages of business consolidation among financial institutions?

  • With open banking, clients will be able to share some parts of their account details for a selected period of time. In your opinion, what kind of information is safer to share with third parties and will facilitate financial management for the customer?


5. Faces of Sustainability

With the development of new technologies, digitalisation and sustainable business models are becoming more and more relevant to the European economy and society. Strengthened by interconnected systems and remote working options, Europe is moving towards a Digital Single Market that is more resilient and less dependent on natural resources. Nowadays, this digital world enables its customers to interact digitally with companies while paying for services online. This transition promises to reduce the amount of time, money, and energy reserved for financial matters. Nonetheless, security and trust in digital systems are prerequisites for their long-term deployment. In order to ensure that customers have access to safe banking services without experiencing financial problems or crises, it is necessary to create a sustainably functioning banking system.


6. Material for further research

Essential Engagement 

  • Examine this infographic by NDGIT concerning the key threats and opportunities of open banking.

  • Read this article by Forbes on the risks of open banking.

  • Read this article by Ishara Ilangasinghe regarding the SWOT analysis of open banking.

  • Watch this video by Open Banking about the principles of open bank data.


Additional Engagement 

  • Here is a curated Mix collection with articles and legal explanations about online payment services and their relevance.

  • Here is a YouTube playlist with a collection of videos about Open Banking practices and PSD2 requirements.