The EBA is wrong about screen scraping (Part 2)
Globally, fintech — particularly in the payments industry — is at a crucial stage in its development
E/M-commerce is booming. Volumes are expected to grow exponentially over the next few years. This is driving a rapidly growing demand for innovative online payment and financial products. So far, Europe has been one of the main beneficiaries of this development.
Two key planks of this success have been European fintech’s ability to innovate and its ability to provide a good customer experience. The ban on permitted direct access to customer data puts both at risk. If fintechs must always go through the bank’s back door API, they are essentially beholden to the banks, which could then “control the innovation” – that’s like letting the fox guard the henhouse. If the development of a bank’s API lags behind changes to the way its accounts are structured or the way its online banking works, then EU fintechs — and ultimately consumers — will be at a disadvantage.
At the same time, permitted direct access is the easiest and quickest way for a consumer to get started with a new financial provider. The vast majority of them are using this type of access today – including banks by the way! By forcing the consumer to take a more complicated route to sharing his or her data, the EBA would bring existing competition to a halt and make the customer experience less seamless. This will hurt not just such new providers, but also the conversion rates of many merchants.
The only way to motivate banks providing and sustaining an equally good – or even better – indirect (API) access than what they offer their customers directly is the following: leave the decision about which one to use to the consumer and their chosen fintech. Leaving it to the banks instead and then hoping for a level playing field by regulating and trying to enforce things like “functionality”, “availability” and “performance” levels of APIs will just create endless arguments and disputes between the parties, make the courts even busier and turn lawyers – not consumers – into the real beneficiaries of PSD2.
Driving competition into Financial Services by banning direct access is like promoting electrical cars without allowing them on to public streets. Imagine where telecoms, electricity and railways competition would be today if incumbents had been allowed to keep their access infrastructure exclusively for themselves and lay new wires, powerlines and rail tracks for their competitors to use! Banks can always be a big step ahead if competition is forced to use their (API) back entrance instead of their shiny (online banking) front door.
Some banks will want to provide great APIs to attract many fintechs around them and create a whole ecosystem, similar to what Apple and Google achieved with their app stores. Some others – probably the majority I would guess – will prefer to do nothing and save their money and scarce tech resources for more burning problems. The remaining banks in-between will do the minimum to comply and the maximum to hinder the new competition knocking at their front or back door.
The new competitors will want to use APIs if they are good, because it’s easier than automating the direct access, but they will not want to use them if they are not so good, because it would lead to not so good services to their customers, which by the way are also the customers of that bank – not to be forgotten!
In November 2016, the European Commission established a Financial Technology Task Force, with the aim of helping fintech in the EU reach its full potential. 2017, we were told, was going to be the “year of fintech” in the EU. Potentially hamstringing EU fintechs with an anti-competitive rule is an odd way of showing it.
What should we be doing?
To really protect consumers, the EU needs to help them understand how to choose the right providers when buying financial services and to safeguard against the use of malicious ones. National authorities should rigorously enforce existing laws on data protection and information security, making an example of any company which fails to meet proper standards either in the collection or use of data. This would do what the misguided EBA ban on “screen scraping” aims to do, but cannot, without harming the growing EU fintech sector.
“Permitted automated direct access” should be recognized as one of the most important enablers for innovation and competition in general, and not just in the financial services industry. Therefore, governments, regulators and competition authorities should embrace it and focus on keeping it secure and efficient, rather than throwing it out with the bathwater.
To be fair, the European Parliament recognizes this already judging by a letter they wrote in October 2016. Amazing that the EBA chose to do the opposite, and I can only hope that the parliament will insist and prevail!
Properly nurtured and regulated, European fintech will continue to be a success story: an engine of growth and a job creator, at exactly the time such things are sorely needed. This isn’t the time to put that at risk, particularly not for the sake of excessive legislation that won’t achieve its stated aim.