Article

PSD2 – getting to the bottom of ‘wide usage’

Paul Olukoya Paul Olukoya

As banks continue to work towards the EU Payments Services Directive (PSD2) deadline on 14 September, finalising APIs and achieving exemptions to the fallback option remains a key priority for businesses.

One of the more vague elements of the exemption guidelines refers to the ‘wide usage’ clause (EBA/GL/2018/07, guideline 7), and a lack of clarity over its interpretation means many firms are unsure of how to evidence it. This could result in a 'minded to refuse' exemption decision from the Financial Conduct Authority (FCA), prompting a rushed – and potentially costly – development of the screen scraping fallback option. Banks should review their existing evidence regarding the wide usage clause and clearly demonstrate the actions taken to fulfill it.

It’s challenging to get a bigger sample size

PSD2 is partly about levelling the playing field and opening up the payments sector to a broader range of participants, through the use of application program interfaces (APIs) for third party providers (TPPs). During the API development, TPPs were invited to participate in the live industry testing stage. From the regulators’ stand point, the testing stage is hugely important as it demonstrates how well the API works in practice and identifies any issues around access, communication, security or volume of users. Without this, the regulator cannot adequately assess the reliability of the API, or therefore make an informed decision about the need for a fallback option.

Ideally, a substantial number of TPPs would take in part in the testing process - but, in reality, there’s no driver for them to participate in testing. It may be a regulatory requirement for banks, but TPPs are under no such obligation. This means that some banks have not been able to conduct as extensive testing as they would like, so evidencing the strength of the API may be difficult.

It’s a known problem

The FCA and European Banking Authority recognise this issue and have made it clear that a small (or even nonexistent) testing sample does not automatically mean that an exemption request will be refused. The FCA will assess the use of the interface and the number of successful requests sent by TPPs during the testing phase. They will also take into account the extent to which a bank actively sought a wide TPP user base for testing, including how well they publicised the availability of the API and the testing timeframe.

While that’s good news for banks, it does put the FCA (and other regulators across Europe) in a difficult position. They are being asked to assess the robustness of an API, with potentially insufficient evidence of it working in practice.

Strengthening your exemption application

The FCA may seek further clarification regarding wide usage and banks should be prepared to strengthen their application accordingly. Key areas for inclusion include the findings of further testing since the initial application and clear evidence that every effort has been made to involve TPPs.

We can support banks by helping to engage TPPs for further testing and providing further guidance on the evidence required. For further information on how we can help, please contact Paul Olukoya .

Article
PSD2 - understanding eIDAS and TPPs directory services Find out more
Article PSD2 - will your API (or fallback) be ready in time? Find out more