Open banking regulations: EU versus UK

The EU began the move to regulate and implement open banking, with the UK applying its own spin. Almost four years after PSD2, who's leading the race?


Leaving aside the political aspects of Brexit, for better or for worse the EU and the UK are now on different trajectories. There were significant differences before Brexit, of course, but now the gap is widening. This is true in technology just as much as in other areas of business and commerce.

FinTech in particular is at the sharp end of regulatory differences between the two territories. In both the UK and the EU, the legislation underpinning the open banking aspects of FinTech is the Revised Payment Services Directive (PSD2) which came into effect in 2016, the year of the Brexit referendum vote. But there the similarities end.

PSD2, which had to be signed into national law by each EU country by early 2018, tells countries what they must do in terms of opening up their banking systems to innovation. However, it doesn't tell them exactly how to do it. That's left to individual countries to decide.

According to Jack Wilson, Head of Policy at TrueLayer, an open banking TSP (Trusted Service Provider) and API intermediary, "UK and EU's open banking regimes stem from the same EU legislation. [...] However, how this directive has been implemented in the UK and in different EU countries varies significantly."

Wilson explains that the UK's open banking ecosystem is advanced because alongside PSD2, the UK Competition Authority (the CMA), required the nine largest banks to develop a common API standard. That action made it easier for FinTech firms to access open banking in the UK, and also provided a clear template for other banks to follow. "This resulted in mandatory open banking standards being used to implement PSD2," says Wilson, "overseen and monitored by an independent body [...] the Open Banking Implementation Entity (OBIE)."

This meant that banks serving the vast majority of UK consumers were compelled to build high quality APIs to an ambitious timetable, ahead of European banks. In Europe, standards bodies such as STET and Berlin Group were formed, but they could not compel banks to implement standards in a specific way.

Kieran Hines, Senior Analyst, Banking, at Celent, offers a similar perspective. "The most important [factor] has been the way that the domestic open banking initiative has been rolled out [in the UK]. In addition to setting clear guidelines and standards for the industry, these have been strongly enforced by the OBIE. The situation in Europe is a little further behind, and varies quite a bit between markets."

In addition to regulatory differences, Hines sees other factors underpinning the UK's current lead over the EU. "The UK is the most advanced in terms of the number of licensed TPPs [Third Party Providers such as FinTechs], he says, "as well as API call volumes and interaction." The UK's previous role as a major European FinTech hub has contributed to this position.

However, it's a mistake to see the EU as a single entity. Individual countries within the European Union have their own approaches to banking, especially when it comes to privacy and security. The most infamously cautious - some would say paranoid - about privacy are the Germans, for whom any sharing of personal data without express permission and an excellent reason is an absolute no-no.

Matthias "mk" Kröner is a thought leader within the global financial services community and co-founder and former CEO of Fidor Group. "I see, at least in the German market, some scepticism regarding PSD2," he says. He points out that open banking, by definition, allows bank account transaction data to be shared with third parties such as FinTechs. This doesn't sit well with many in Germany, and may go some way towards explaining why open banking take-up has been less enthusiastic there.

Contrast that with the UK where - equally stereotypically - privacy concerns tend to come a distant second to the desire for time-saving, labour-saving, money-saving features. Neither attitude is necessarily right or wrong, but it has an effect on the market. Now that the UK has left the EU, GDPR considerations are less of a factor, at least for UK-based FinTechs with UK-based customers. There are still strong laws governing the handling of personal data, but compliance is less onerous, allowing FinTechs to potentially be more nimble.

In summary, a combination of regulatory oversight, mandatory and enforced API standards, privacy regulations and customer culture is giving the UK the edge over the EU in open banking... at least for now.