Time is ticking for banks and payment service providers to comply with PSD2
LUXHUB, a joint initiative of BCEE, BGL BNP Paribas, BANQUE RAIFFEISEN and POST Luxembourg, aims to help the entire digital ecosystem to take advantage of the challenges and opportunities of the European PSD2 directive.
Although the second Payment Services Directive already entered into force in most European countries in January 2018, its most important effects for banks and payment service providers will arrive in September 2019, when the regulatory technical standards on strong authentication and access to payment accounts will take effect.
For banks, obliged to provide access to their customers’ payment accounts to new players regulated under PSD2, it’s a small revolution and also a first step towards the concept of open banking.
For third-party providers or TPPs in PSD2 jargon, this connection to banking data is a huge opportunity for new customer services but can also be a nightmare due to the diversity of connection, registration and access standards, and the strong security and data protection levels used by banks.
LUXHUB is the result of a partnership between four leading Luxembourg banks, determined to leverage the challenges and opportunities of PSD2
It’s in this specific context that Banque et Caisse d’Epargne de l’Etat Luxembourg, BGL BNP Paribas, Banque Raiffeisen and Post Luxembourg decided end 2017 to join their forces to create LUXHUB, a PSD2 API connectivity platform. Basically, LUXHUB’s objective is to make interconnection of the entire ecosystem of banks and TPPs as easy as possible.
In practice, third party providers are granted access by PSD2 to the final customer’s payment accounts, in order to retrieve account balances and transactions but also to initiate payments from this account, provided that:
• The TPP is approved and supervised by a European banking supervisory authority (CSSF in Luxembourg).
• The final users have given their consent to the use of their financial data or the initiation of payments on their behalf.
On their side, banks must offer access to payment accounts:
• Through an interface, usually called API (application programming interface), which will regulate and secure the exchange of data.
• With 24/7 availability and robust infrastructure and the ability to offer the same service level to TPPs as they provide to their customers via web or mobile banking services.
• Without any discrimination or additional requirements compared to the data available through the interfaces used by clients (web or mobile banking services).
The management of all these “rights and obligations” for PSD2 stakeholders is at the heart of LUXHUB’s activity, which will offer the following services to banks and TPPs:
Bank/ASPSP Connection: Enabling banks to easily publish an access-to-accounts (XS2A)
API Third-Party Providers Identification: Enabling banks to identify third-party providers by controlling their certificates and checking their regulated statuses.
Reporting to ASPSP: Providing reports about TPPs’ API usage and performance.
Third-Party Providers Support: Providing functional and technical support to third-party providers.
Consent Management: Enabling management of the customers’ consent in accordance with PSD2 and GDPR
A broad coverage of the Luxembourg banking market along with European ambitions.
By joining forces, the four shareholders already account for almost 75% of cumulative market shares for individual customers and 65% for SMEs and corporates in Luxembourg.
The initiative is nevertheless open to any bank concerned by PSD2, aiming at simplifying and accelerating their PSD2 compliance without making heavy technical and human investments.
For TPPs, access to banks via LUXHUB will provide an important added value since they will be able to access all connected banks through a single connection and a unique identification process.
But the ambitions of LUXHUB far exceed the sole Luxembourg market. The newborn company clearly shows its European ambitions:
Jacques PÜTZ, CEO of LUXHUB:” In the future, successful innovative business will only be possible by cooperating with other partners or banks. LUXHUB sees its mission as helping European financial institutions with these challenges”
In addition to PSD2 compliance, LUXHUB’s ambition is indeed to enable its customers to take advantage of open banking opportunities by connecting fintechs and banks through powerful, robust and secure API connectivity. In the future, new APIs will be developed and made available to all connected stakeholders.