If people thought “open banking” rules could be taken lightly, they should think again. Last Friday, the EU Commission confirmed it had carried out unannounced inspections in a number of Member States to investigate concerns that firms (or the associations representing them) may be preventing Third Party Providers (TPPs) from gaining access to bank customers’ account data, despite TPPs having the customer’s consent to do so.

Although we don't know the findings of these inspections, by taking this step the EU signalled, very clearly, its readiness to take a tough line to promote competition. As such, when the Revised Payment Services Directive (PSD2) becomes applicable next January, banks can reasonably expect the Commission to react forcefully if it detects any attempts to frustrate TPPs’ right to access customers’ payments data in contravention of the letter or spirit of PSD2.

However, as we have argued in our article, at least until PSD2 secondary legislation is finalised and further regulatory guidance is provided, banks will face a genuine challenge of reconciling the requirement of opening up payments data to TPPs with their responsibilities towards their customers and for data protection. If they wish to be firm but fair, EU regulators should set clear expectations about how they strike a balance between these two asks.