If people thought “open banking” rules could be taken lightly, they should think again. Last Friday, the EU Commission confirmed it had carried out unannounced inspections in a number of Member States to investigate concerns that firms (or the associations representing them) may be preventing Third Party Providers (TPPs) from gaining access to bank customers’ account data, despite TPPs having the customer’s consent to do so.
Although we don't know the findings of these inspections, by taking this step the EU signalled, very clearly, its readiness to take a tough line to promote competition. As such, when the Revised Payment Services Directive (PSD2) becomes applicable next January, banks can reasonably expect the Commission to react forcefully if it detects any attempts to frustrate TPPs’ right to access customers’ payments data in contravention of the letter or spirit of PSD2.
However, as we have argued in our article, at least until PSD2 secondary legislation is finalised and further regulatory guidance is provided, banks will face a genuine challenge of reconciling the requirement of opening up payments data to TPPs with their responsibilities towards their customers and for data protection. If they wish to be firm but fair, EU regulators should set clear expectations about how they strike a balance between these two asks.
The European Commission can confirm that [..] its officials carried out unannounced inspections in a few Member States concerning online access to bank account information by competing service providers. The Commission has concerns that the companies involved […] may have engaged in anti-competitive practices […] aimed at excluding non-bank owned providers of financial services by preventing them from gaining access to bank customers' account data, despite the fact that the respective customers have given their consent to such access.