Our client is the Romanian branch of a Greek bank with approximately 18.5 thousand employees, in 8 countries (Greece and South East Europe).
Until now, Banks always had monopoly over customer data and financial transactions. Starting January 13th, 2018, all banks must comply to a new EU Directive. On January 13th, 2016, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) entered into force. The Directive aims to promote the development of an efficient, secure and competitive retail payments market by enhancing payment service users’ protection, promoting innovation and improving the level of security of electronic payments.
The banks are all talking about PSD2 because it will require a lot of investment, reduce their existing revenue streams and introduce a whole wave of competitors.
When we buy something online we typically enter our payment details into the merchant’s website, and the merchant then gets the money from your bank account by way of a few intermediaries. With PSD2, the Directive will allow retailers to ‘ask’ consumers for permission to use your bank details. Once you give permission, the retailer will receive the payment directly from your bank – no intermediaries. The direct connection between retailers and banks will be enabled using Application Programming Interface or APIs for short. The use of API’s is exciting because it enables companies to connect to financial institutions directly.
The Directive provides in Article 35 that the payment system operator must give access to its system in a non-discriminatory manner in order to allow payment service providers to provide services in an unrestricted and effective manner.
On the other hand, Article 36 from the EU Directive provides that payment institutions have access to non-discriminatory account services, but this does not mean that payment service providers have the same rights. Access to payment accounts is dedicated to payment transactions only, so they cannot access any account information.
The Directive also stipulates that electronic money issuers have the same obligations as payment service providers.
If a credit institution refuses a payment service provider, the reason for the refusal must be communicated to the competent authority first and not to the payment service provider.
Our client needed to develop mechanisms to comply with this new directive.
The client wanted to comply with the new EU Directive, so he spoke with a third party about developing a solution. After he got the solution, the client asked Kepler to help him with the integration part of this project. The solution was supposed to be implemented very fast, because the requirements were very clear, and the deadline was January 2018, so that was part of the challenge. We had a team of 3 software developers working Waterfall on this project. For the integration we used Web services, Java, .Net and AS/400. The project saw daylight in December 2017, just in time to comply to the EU Directive.
This project required a lot of creativity and knowledge, because it is very difficult to integrate a new solution with all the bank’s old systems.
The client aligns to the European banking standards, just in time to avoid any repercussions.