With the second Payment Services Directive (PSD2) Regulatory Technical Standards (RTS) deadline approaching on 14 September, new analysis has revealed that European banks have so far failed to provide the proper technology environment for third party providers (TPPs) to access payments data as required by the new law.

Swedish Open Banking platform Tink attempted to integrate 84 Application Programming Interfaces (APIs) representing 2,500 banks across 12 markets in Europe, which cover 90 per cent of the population in each market surveyed.

European banks were mandated to make their production APIs available by 14 June - three months before the final RTS deadline. Tink’s analysis showed that while 69 per cent of the APIs were available by that date, not a single API was found to be of sufficient quality to have met the required regulatory standards for integration.

Banks are welcoming feedback on the quality of their APIs and are showing willingness to improve, but the lack of the expected seamless transition from the sandbox environment from pre-14 June risks derailing the vision of PSD2, according to Tink.

In order to ensure a continued service to end users from September, third party providers will now need to rely on contingency methods stipulated by PSD2.

However, Tink noted there is a risk that banks could be let off the hook from providing these fallbacks – and provided an exemption on the basis of having made their APIs available, regardless of the quality.

Tomas Prochazka, vice president of product at Tink, called on regulators to enforce an extended transition period after the September deadline to allow banks more time to get the APIs up to standard, and for TPPs to make the necessary transition.

“While efforts from both sides are being made to make the deadline work, TPPs all over Europe are being left in the dark,” he stated. “Unanswered questions - such as who will be granted an exemption from providing a fallback method and when these exemptions will be issued - mean they are faced with a suboptimal working environment.”

In April, the European Banking Authority (EBA) published a series of clarifications to issues raised by its joint working group on APIs, as well as the provision of a list of TPPs that are interested in testing.

Last month, the Financial Conduct Authority (FCA) responded to the EBA's opinion on Strong Customer Authentication (SCA), agreeing that some firms will be given extra time to implement the rules.

Key industry questions about which authentication factors comply with the requirements for SCA had been taken into consideration ahead of the September deadline.

Share Story: