Fintech bodies call for National Regulators to work with industry to prioritise customer needs ahead of other regulatory factors

The Financial Data and Technology Association (FDATA Europe), in association with the European Third Party Providers Association (ETTPA), has highlighted a material risk to individual and business consumers in the next phase of the implementation of the Regulatory and Technical Standards (RTS) of the EU’s second Payment Services Directive (PSD2).

(Download here)

ETPPA and FDATA Europe, whilst fully supportive of PSD2, have identified a series of unintended consequences of the RTS, which will cause widespread disruption to consumers and businesses which use the services of many fintech applications. Notable examples include the impact on the many millions of businesses that use SME accountancy services such as Xero, Quickbooks and FreeAgent, unless steps are now taken.

The simultaneous attempt to encourage innovation and to introduce new payment security measures is at the root of these unintended consequences, including the deterioration of existing consumer services, the introduction of security risks to banks, interruption to retail card and bank transfer payments, and significant disruption to Fintech firms who use open finance in their business models.

Whilst the RTS has had many intricate technical challenges, with lobbying and counter lobbying between banks and fintech firms, the customer disruption issues are becoming increasingly clear, and all sides now need to work together to manage these interlocking challenges, reduce the disruption and buy some time to work on resolving the outstanding issues.

The key issues are summarised as follows

  • Strong Customer Authentication, designed to improve the security between a bank and its customer, will unintentionally block access to non payments data, such as savings accounts and loan accounts, which are in very wide use
  • The RTS provides no period of transition during which a TPP could seek to ask its customers to rejoin on the new technology. There needs to be a twelve month transition period after the banks have delivered a high quality API or Adjusted Interface to allow customers to migrate
  • It is already crystal clear that the development of the technologies is not nearly mature enough at this stage, both in functionality and resilience. It is highly likely that on the current time table, the vast majority of banks will fail to deliver a suitable API and run out of time to then deliver the Adjusted Interface. If they simultaneously then introduce the new security measures, all access to account channels used by Fintech firms will be blocked.

FDATA and the ETTPA have suggested a new order which prioritises the needs of customers through a series of technical and practical measures.

Commenting, FDATA’s Chairman Gavin Littlejohn said:

“Open finance is the biggest and most important innovation in the financial services sector since the dawn of the internet. Customers have grown accustomed to innovative market and payment solutions that improve convenience and value. PSD2 is an important first step in creating a better framework of customer rights and protections to protect this new market.

“We have made a series of practical suggestions and we are confident both in their ability to reduce the risk, and in the good will of the EC and EBA to encourage markets to develop solutions.

“As it stands the banks, fintech firms and national regulators need to orchestrate a hierarchy of needs which puts customers first. A practical first step would be to delay any new implementation of Strong Customer Authentication which could block the traditional technology from functioning as it currently does, until such a time as the key issues are properly managed. Creating a ‘big bang’ approach to implementation, regardless of the connected circumstances, is simply creating an unnecessary cliff edge, which is easily avoided by this simple measure.

Commenting, ETPPA’s Chairman Arturo Gonzalez MacDowell said:

“During such a fast pace of change unintended consequences are always a potential difficulty.

“This is not about allocating blame – everyone is facing the right way and trying to do the right thing. But we do need to take action, and there is very little time to reduce the risk present in this next phase of implementation. We need real leadership now to navigate a path to avoid the regulations accidentally disrupting the markets they were designed to nurture.”



  1. The Financial Data and Technology Association (FDATA) was established in Europe to advocate for Open Banking in 2013, during the negotiations to add account aggregation to PSD2. and then formally incorporated in 2014. It is a member organisation, is not-for-profit and has a charter to develop open secure market access to innovation across all financial verticals, including payments and payments data, but also loans, mortgages, savings, investments, pensions and insurance. Customer access to these financial verticals via Third Party Providers is described collectively as Open Finance.
  2. The European Third Party Providers Association (ETPPA) is the European trade association of bank-independent PSD2 TPPs. ETPPA is an international not-for-profit association (IVZW/AISBL) organised under Belgian law. ETPPA formalises the former Future of European Fintech (FoEF) coalition, which was created ad-hoc at the beginning of 2017 to represent the interests of TPPs in the negotiations around the PSD2 RTS on SCA & CSC. ETPPA represents the bank-independent TPP interests in the implementation and evolution of PSD2 and RTS vis-a-vis the national and EU authorities and other stakeholders.
  3. FDATA and the ETTPA have jointly authored a paper – The Unintended Consequences of PSD2 RTS – which has been presented to the regulatory authorities in the EU and the UK.
  4. Media – for more information contact Andy Maciver (+44 7855 261 244, [email protected])